opensaml-3.2.1
opensaml::SecurityPolicyRule Class Reference (abstract)

A rule that a protocol request and message must meet in order to be valid and secure.

#include <saml/binding/SecurityPolicyRule.h>

Public Member Functions

virtual const char * getType () const =0
 Returns the rule's class/type.
 
virtual bool evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request, SecurityPolicy &policy) const
 Evaluates the rule against the given request and message.
 

Protected Member Functions

 SecurityPolicyRule (const xercesc::DOMElement *e=0)
 Constructor.
 

Protected Attributes

std::set< std::string > m_profiles
 

Detailed Description

A rule that a protocol request and message must meet in order to be valid and secure.

Rules must be stateless and thread-safe across evaluations. Evaluation should not result in an exception if the request/message properties do not apply to the rule (e.g. particular security mechanisms that are not present).

Constructor & Destructor Documentation

◆ SecurityPolicyRule()

opensaml::SecurityPolicyRule::SecurityPolicyRule ( const xercesc::DOMElement *  e = 0)
protected

Constructor.

Parameters
e  root of configuration

Member Function Documentation

◆ evaluate()

virtual bool opensaml::SecurityPolicyRule::evaluate ( const xmltooling::XMLObject &  message,
const xmltooling::GenericRequest *  request,
SecurityPolicy &  policy
) const
virtual

Evaluates the rule against the given request and message.

An exception will be raised if the message is fatally invalid according to a policy rule.

The return value is used to indicate whether a message was ignored or successfully processed. A false value signals that the rule wasn't successful because the rule was inapplicable to the message, but allows other rules to return an alternate result.

The base class version of this method will check for a non-empty profile set and return false iff the active profile from the policy is not in the set.

Parameters
message  the incoming message
request  the protocol request
policy  SecurityPolicy to provide various components and track message data
Returns
indicator as to whether a message was understood and processed
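
The return-value contract described for evaluate() above, modelled as an added example (this is not OpenSAML code). `Message`, `Policy`, `Rule`, `SignatureRule`, `applyRules` and `rejected` are simplified, hypothetical stand-ins for the real xmltooling/OpenSAML types, chosen so the three outcomes (processed, inapplicable, fatally invalid) can be seen side by side.

```cpp
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-ins (assumptions), not the OpenSAML/xmltooling types.
struct Message { bool hasSignature; bool signatureValid; };
struct Policy  { std::string activeProfile; bool authenticated = false; };

class Rule {
public:
    virtual ~Rule() {}
    virtual const char* getType() const = 0;
    // Documented base behaviour: return false iff the profile set is
    // non-empty and the policy's active profile is not in it.
    virtual bool evaluate(const Message&, Policy& p) const {
        return m_profiles.empty() || m_profiles.count(p.activeProfile) > 0;
    }
protected:
    std::set<std::string> m_profiles;
};

// Hypothetical rule: stateless, all results are written to the Policy.
class SignatureRule : public Rule {
public:
    explicit SignatureRule(std::set<std::string> profiles) { m_profiles = std::move(profiles); }
    const char* getType() const override { return "Signature"; }
    bool evaluate(const Message& m, Policy& p) const override {
        if (!Rule::evaluate(m, p)) return false;   // other profile: inapplicable
        if (!m.hasSignature) return false;         // mechanism absent: inapplicable
        if (!m.signatureValid)                     // present but bad: fatal
            throw std::runtime_error("signature verification failed");
        p.authenticated = true;
        return true;
    }
};

// Counts the rules that processed the message; exceptions propagate.
int applyRules(const std::vector<const Rule*>& rules, const Message& m, Policy& p) {
    int applied = 0;
    for (const Rule* r : rules)
        if (r->evaluate(m, p)) ++applied;
    return applied;
}

// True when a rule raised, i.e. the message was fatally invalid.
bool rejected(const std::vector<const Rule*>& rules, const Message& m, Policy& p) {
    try { applyRules(rules, m, p); return false; }
    catch (const std::runtime_error&) { return true; }
}
```

In this model an unsigned message produces no exception and a count of 0, so a caller has to check the policy state (here `authenticated`) rather than treat the absence of an exception as success.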

◆ getType()

virtual const char* opensaml::SecurityPolicyRule::getType ( ) const
pure virtual

Returns the rule's class/type.

Returns
the class/type of the object

The documentation for this class was generated from the following file: