#include <saml/binding/SecurityPolicy.h>
Public Member Functions

  SecurityPolicy (const saml2md::MetadataProvider *metadataProvider=NULL, const xmltooling::QName *role=NULL, const xmltooling::TrustEngine *trustEngine=NULL, bool validate=true)
      Constructor for policy.
  const saml2md::MetadataProvider * getMetadataProvider () const
      Returns the locked MetadataProvider supplied to the policy.
  const xmltooling::QName * getRole () const
      Returns the peer role element/type supplied to the policy.
  const xmltooling::TrustEngine * getTrustEngine () const
      Returns the TrustEngine supplied to the policy.
  bool getValidating () const
      Returns XML message validation setting.
  bool requireEntityIssuer () const
      Returns flag controlling non-entity issuer support.
  std::vector< const SecurityPolicyRule * > & getRules ()
      Gets a mutable array of installed policy rules.
  void setMetadataProvider (const saml2md::MetadataProvider *metadata)
      Sets a locked MetadataProvider for the policy.
  void setRole (const xmltooling::QName *role)
      Sets a peer role element/type for the policy.
  void setTrustEngine (const xmltooling::TrustEngine *trust)
      Sets a TrustEngine for the policy.
  void setValidating (bool validate=true)
      Controls schema validation of incoming XML messages.
  void requireEntityIssuer (bool entityOnly=true)
      Sets flag controlling non-entity issuer support.
  void evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request=NULL)
      Evaluates the policy against the given request and message, possibly populating message information in the policy object.
  void reset (bool messageOnly=false)
      Resets the policy object and/or clears any per-message state.
  const XMLCh * getMessageID () const
      Returns the message identifier as determined by the registered policies.
  time_t getIssueInstant () const
      Returns the message timestamp as determined by the registered policies.
  const saml2::Issuer * getIssuer () const
      Gets the issuer of the message as determined by the registered policies.
  const saml2md::RoleDescriptor * getIssuerMetadata () const
      Gets the metadata for the role the issuer is operating in.
  bool isAuthenticated () const
      Returns the authentication status of the message as determined by the registered policies.
  void setMessageID (const XMLCh *id)
      Sets the message identifier as determined by the registered policies.
  void setIssueInstant (time_t issueInstant)
      Sets the message timestamp as determined by the registered policies.
  void setIssuer (const saml2::Issuer *issuer)
      Sets the issuer of the message as determined by the registered policies.
  void setIssuer (const XMLCh *issuer)
      Sets the issuer of the message as determined by the registered policies.
  void setIssuerMetadata (const saml2md::RoleDescriptor *issuerRole)
      Sets the metadata for the role the issuer is operating in.
  void setAuthenticated (bool auth)
      Sets the authentication status of the message as determined by the registered policies.
  const IssuerMatchingPolicy & getIssuerMatchingPolicy () const
      Returns the IssuerMatchingPolicy in effect.
  void setIssuerMatchingPolicy (IssuerMatchingPolicy *matchingPolicy)
      Sets the IssuerMatchingPolicy in effect.

Static Protected Attributes

  static IssuerMatchingPolicy m_defaultMatching
      A shared matching object that just supports the default matching rules.

Classes

  class IssuerMatchingPolicy
      Allows override of rules for comparing saml2:Issuer information.
Its security mechanisms may be used to examine the transport layer (e.g. client certificates and HTTP basic auth passwords) or to check the payload of a request to ensure it meets certain criteria (e.g. valid digital signature, freshness, replay).

Policy objects can be reused, but are not thread-safe.
opensaml::SecurityPolicy::SecurityPolicy (const saml2md::MetadataProvider *metadataProvider = NULL, const xmltooling::QName *role = NULL, const xmltooling::TrustEngine *trustEngine = NULL, bool validate = true) [inline]

Constructor for policy.

Parameters:
    metadataProvider  locked MetadataProvider instance
    role              identifies the role (generally IdP or SP) of the policy peer
    trustEngine       TrustEngine to authenticate policy peer
    validate          true iff XML parsing should be done with validation
const saml2md::MetadataProvider* opensaml::SecurityPolicy::getMetadataProvider () const [inline]

Returns the locked MetadataProvider supplied to the policy.

const xmltooling::QName* opensaml::SecurityPolicy::getRole () const [inline]

Returns the peer role element/type supplied to the policy.

const xmltooling::TrustEngine* opensaml::SecurityPolicy::getTrustEngine () const [inline]

Returns the TrustEngine supplied to the policy.

bool opensaml::SecurityPolicy::getValidating () const [inline]

Returns XML message validation setting.

bool opensaml::SecurityPolicy::requireEntityIssuer () const [inline]

Returns flag controlling non-entity issuer support.

std::vector<const SecurityPolicyRule*>& opensaml::SecurityPolicy::getRules () [inline]

Gets a mutable array of installed policy rules.

If adding rules, their lifetime must be at least as long as the policy object.
void opensaml::SecurityPolicy::setMetadataProvider (const saml2md::MetadataProvider *metadata) [inline]

Sets a locked MetadataProvider for the policy.

Parameters:
    metadata  a locked MetadataProvider or NULL

void opensaml::SecurityPolicy::setRole (const xmltooling::QName *role) [inline]

Sets a peer role element/type for the policy.

Parameters:
    role  the peer role element/type or NULL

void opensaml::SecurityPolicy::setTrustEngine (const xmltooling::TrustEngine *trust) [inline]

Sets a TrustEngine for the policy.

Parameters:
    trust  a TrustEngine or NULL

void opensaml::SecurityPolicy::setValidating (bool validate = true) [inline]

Controls schema validation of incoming XML messages.

This is separate from other forms of programmatic validation of objects, but can detect a much wider range of syntax errors.

Parameters:
    validate  validation setting

void opensaml::SecurityPolicy::requireEntityIssuer (bool entityOnly = true) [inline]

Sets flag controlling non-entity issuer support.

Parameters:
    entityOnly  require that Issuer be in entity format
void opensaml::SecurityPolicy::evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request = NULL)

Evaluates the policy against the given request and message, possibly populating message information in the policy object.

Parameters:
    message  the incoming message
    request  the protocol request

Exceptions:
    BindingException  raised if the message/request is invalid according to the supplied rules

void opensaml::SecurityPolicy::reset (bool messageOnly = false)

Resets the policy object and/or clears any per-message state.

Resets can be complete (the default) or merely clear the previous message ID and timestamp when evaluating multiple layers of a message.

Parameters:
    messageOnly  true iff security and issuer state should be left in place
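The constructor, getRules(), evaluate() and reset() above describe one procedure: build a policy for the expected peer, install rules, run the outer message through it, then run the enclosed layer with reset(true) so the issuer and authentication state established by the outer layer carry over. The following is an added example of that procedure from a service provider's side, not code from the OpenSAML project or its documentation. It assumes an OpenSAML 2.x / XMLTooling 1.x build, that the rule plugin identifiers SAML2MESSAGE_POLICY_RULE, MESSAGEFLOW_POLICY_RULE and XMLSIGNING_POLICY_RULE are exported by saml/binding/SecurityPolicyRule.h and accept a NULL configuration element, that a ReplayCache has been configured for the MessageFlow rule, and that the caller has already decoded the saml2p::Response with a MessageDecoder and holds a MetadataProvider and TrustEngine for the federation. PolicyRules and verifyResponse are names chosen for this example.

```cpp
// Added example, not OpenSAML's own code. Assumptions are listed in the text above.
#include <stdexcept>
#include <string>
#include <vector>

#include <saml/SAMLConfig.h>
#include <saml/exceptions.h>
#include <saml/binding/SecurityPolicy.h>
#include <saml/binding/SecurityPolicyRule.h>
#include <saml/saml2/core/Assertions.h>
#include <saml/saml2/core/Protocols.h>
#include <saml/saml2/metadata/Metadata.h>
#include <saml/saml2/metadata/MetadataProvider.h>
#include <xmltooling/Lockable.h>
#include <xmltooling/unicode.h>
#include <xmltooling/io/GenericRequest.h>
#include <xmltooling/security/TrustEngine.h>

using namespace opensaml;
using namespace xmltooling;

// Rules handed to getRules() must outlive every policy that references them, so
// they are created once and owned by a long-lived object, not by the policy.
// Order matters: the SAML2Message rule extracts message ID, issue instant and
// Issuer, which the MessageFlow (freshness/replay) and XMLSigning rules rely on.
struct PolicyRules {
    std::vector<SecurityPolicyRule*> rules;
    PolicyRules() {
        SAMLConfig& conf = SAMLConfig::getConfig();
        rules.push_back(conf.SecurityPolicyRuleManager.newPlugin(SAML2MESSAGE_POLICY_RULE, NULL));
        rules.push_back(conf.SecurityPolicyRuleManager.newPlugin(MESSAGEFLOW_POLICY_RULE, NULL));
        rules.push_back(conf.SecurityPolicyRuleManager.newPlugin(XMLSIGNING_POLICY_RULE, NULL));
    }
    ~PolicyRules() {
        for (size_t i = 0; i < rules.size(); ++i)
            delete rules[i];
    }
private:
    PolicyRules(const PolicyRules&);            // owning container: not copyable
    PolicyRules& operator=(const PolicyRules&);
};

// Runs the policy over a decoded Response and then over its first Assertion and
// returns the authenticated issuer's entityID. evaluate() throws
// BindingException when a rule rejects the message; this function additionally
// refuses anything that passed the rules without being authenticated.
std::string verifyResponse(
    saml2md::MetadataProvider* metadata,
    const TrustEngine* trust,
    const PolicyRules& installed,
    const saml2p::Response& response,
    const GenericRequest* request)
{
    // The provider must stay locked for the whole evaluation; Locker releases it on scope exit.
    Locker locker(metadata);

    // The peer is expected to act as an IdP; schema validation stays on (validate = true).
    SecurityPolicy policy(metadata, &saml2md::IDPSSODescriptor::ELEMENT_QNAME, trust, true);
    // Only an entity-format Issuer can be resolved against metadata.
    policy.requireEntityIssuer(true);
    std::vector<const SecurityPolicyRule*>& rules = policy.getRules();
    rules.insert(rules.end(), installed.rules.begin(), installed.rules.end());

    // Outer layer: the Response itself.
    policy.evaluate(response, request);

    const std::vector<saml2::Assertion*>& assertions = response.getAssertions();
    if (assertions.empty())
        throw std::runtime_error("Response carries no Assertion");

    // Inner layer: reset(true) discards the Response's message ID and timestamp
    // (the Assertion has its own) but keeps the issuer and authentication state.
    // The IssuerMatchingPolicy in effect decides whether the inner Issuer is
    // accepted as the same peer.
    policy.reset(true);
    policy.evaluate(*assertions.front(), request);

    // A rule chain can accept a message without ever authenticating it, so the
    // authentication outcome is checked separately from evaluate() not throwing.
    if (!policy.isAuthenticated() || !policy.getIssuer() || !policy.getIssuerMetadata())
        throw std::runtime_error("message was not authenticated against metadata");

    auto_ptr_char entityID(policy.getIssuer()->getName());
    return std::string(entityID.get());
}
```

A full reset() (the default) would also clear the issuer and authentication state before the Assertion is evaluated, which is why the inner layer uses reset(true). Which assertions to accept beyond the first, and checks that belong to the SSO profile rather than to the binding policy, are outside what this class covers.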
const XMLCh* opensaml::SecurityPolicy::getMessageID () const [inline]

Returns the message identifier as determined by the registered policies.

time_t opensaml::SecurityPolicy::getIssueInstant () const [inline]

Returns the message timestamp as determined by the registered policies.

const saml2::Issuer* opensaml::SecurityPolicy::getIssuer () const [inline]

Gets the issuer of the message as determined by the registered policies.

const saml2md::RoleDescriptor* opensaml::SecurityPolicy::getIssuerMetadata () const [inline]

Gets the metadata for the role the issuer is operating in.

bool opensaml::SecurityPolicy::isAuthenticated () const [inline]

Returns the authentication status of the message as determined by the registered policies.

void opensaml::SecurityPolicy::setMessageID (const XMLCh *id) [inline]

Sets the message identifier as determined by the registered policies.

Parameters:
    id  message identifier

void opensaml::SecurityPolicy::setIssueInstant (time_t issueInstant) [inline]

Sets the message timestamp as determined by the registered policies.

Parameters:
    issueInstant  message timestamp

void opensaml::SecurityPolicy::setIssuer (const saml2::Issuer *issuer)

Sets the issuer of the message as determined by the registered policies.

Parameters:
    issuer  issuer of the message

void opensaml::SecurityPolicy::setIssuer (const XMLCh *issuer)

Sets the issuer of the message as determined by the registered policies.

Parameters:
    issuer  issuer of the message

void opensaml::SecurityPolicy::setIssuerMetadata (const saml2md::RoleDescriptor *issuerRole)

Sets the metadata for the role the issuer is operating in.

Parameters:
    issuerRole  metadata for the role the issuer is operating in

void opensaml::SecurityPolicy::setAuthenticated (bool auth) [inline]

Sets the authentication status of the message as determined by the registered policies.

Parameters:
    auth  indicates whether the issuer/message has been authenticated
const IssuerMatchingPolicy& opensaml::SecurityPolicy::getIssuerMatchingPolicy () const [inline]

Returns the IssuerMatchingPolicy in effect.

void opensaml::SecurityPolicy::setIssuerMatchingPolicy (IssuerMatchingPolicy *matchingPolicy) [inline]

Sets the IssuerMatchingPolicy in effect.

Setting no policy will cause the simple, default approach to be used. The matching object will be freed by the SecurityPolicy.

Parameters:
    matchingPolicy  the IssuerMatchingPolicy to use

IssuerMatchingPolicy opensaml::SecurityPolicy::m_defaultMatching [static, protected]

A shared matching object that just supports the default matching rules.