A rule that a protocol request and message must meet in order to be valid and secure.
#include <saml/binding/SecurityPolicyRule.h>
virtual const char * getType () const =0
    Returns the rule's class/type.

virtual bool evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request, SecurityPolicy &policy) const
    Evaluates the rule against the given request and message.

std::set< std::string > m_profiles
Rules must be stateless and thread-safe across evaluations. Evaluation should not result in an exception if the request/message properties do not apply to the rule (e.g. particular security mechanisms that are not present).
◆ SecurityPolicyRule()
opensaml::SecurityPolicyRule::SecurityPolicyRule (const xercesc::DOMElement *e = 0) [protected]
◆ evaluate()
virtual bool opensaml::SecurityPolicyRule::evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request, SecurityPolicy &policy) const [virtual]
Evaluates the rule against the given request and message.
An exception will be raised if the message is fatally invalid according to a policy rule.
The return value is used to indicate whether a message was ignored or successfully processed. A false value signals that the rule wasn't successful because the rule was inapplicable to the message, but allows other rules to return an alternate result.
The base class version of this method will check for a non-empty profile set and return false iff the active profile from the policy is not in the set.
Parameters
- message: the incoming message
- request: the protocol request
- policy: SecurityPolicy to provide various components and track message data
Returns
- indicator as to whether a message was understood and processed
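The evaluate() contract described above, modelled as an added example; this is not OpenSAML code. `Message`, `Policy`, `Rule`, `SignatureRule` and `evaluateAll` are simplified stand-ins assumed for illustration.

```cpp
#include <set>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in types (assumptions): simplified models, not the OpenSAML classes.
struct Message { bool hasSignature; bool signatureValid; };
struct Policy { std::string activeProfile; bool authenticated = false; };

class Rule {
public:
    explicit Rule(const std::set<std::string>& profiles = {}) : m_profiles(profiles) {}
    virtual ~Rule() = default;
    virtual const char* getType() const = 0;
    // Base check as documented: false iff the profile set is non-empty
    // and the policy's active profile is not in it.
    virtual bool evaluate(const Message&, Policy& p) const {
        return m_profiles.empty() || m_profiles.count(p.activeProfile) > 0;
    }
protected:
    std::set<std::string> m_profiles;
};

class SignatureRule : public Rule {  // hypothetical rule; holds no per-message state
public:
    using Rule::Rule;
    const char* getType() const override { return "DemoSignature"; }
    bool evaluate(const Message& m, Policy& p) const override {
        if (!Rule::evaluate(m, p)) return false;  // other profile: inapplicable
        if (!m.hasSignature) return false;        // mechanism absent: no exception
        if (!m.signatureValid)                    // fatally invalid: raise
            throw std::runtime_error("signature verification failed");
        p.authenticated = true;                   // result is tracked in the policy
        return true;
    }
};

// Runs every rule; returns how many processed it. A rule's exception propagates.
int evaluateAll(const std::vector<const Rule*>& rules, const Message& m, Policy& p) {
    int processed = 0;
    for (const Rule* r : rules)
        if (r->evaluate(m, p)) ++processed;
    return processed;
}

int main() {  // constructed input: an unsigned message under profile "sso"
    SignatureRule rule(std::set<std::string>{"sso"});
    Policy p; p.activeProfile = "sso";
    return evaluateAll({&rule}, Message{false, false}, p) == 0 && !p.authenticated ? 0 : 1;
}
```

Because an inapplicable rule returns false instead of throwing, an unsigned message passes through `SignatureRule` without error. In this model the caller has to inspect the state recorded in the policy (here `authenticated`) before trusting the message.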
◆ getType()
virtual const char* opensaml::SecurityPolicyRule::getType () const [pure virtual]
Returns the rule's class/type.
Returns
- the class/type of the object
The documentation for this class was generated from the following file: