Interface to a Shibboleth Application instance.
#include <shibsp/Application.h>
Public Member Functions | |
const ServiceProvider & | getServiceProvider () const |
Returns the owning ServiceProvider instance. | |
virtual const char * | getId () const |
Returns the Application's ID. | |
virtual const char * | getHash () const =0 |
Returns a unique hash for the Application. | |
virtual std::pair< std::string, const char * > | getCookieNameProps (const char *prefix, time_t *lifetime=nullptr) const |
Returns the name and cookie properties to use for this Application. | |
virtual opensaml::saml2md::MetadataProvider * | getMetadataProvider (bool required=true) const =0 |
Returns a MetadataProvider for use with this Application. | |
virtual xmltooling::TrustEngine * | getTrustEngine (bool required=true) const =0 |
Returns a TrustEngine for use with this Application. | |
virtual AttributeExtractor * | getAttributeExtractor () const =0 |
Returns an AttributeExtractor for use with this Application. | |
virtual AttributeFilter * | getAttributeFilter () const =0 |
Returns an AttributeFilter for use with this Application. | |
virtual AttributeResolver * | getAttributeResolver () const =0 |
Returns an AttributeResolver for use with this Application. | |
virtual xmltooling::CredentialResolver * | getCredentialResolver () const =0 |
Returns the CredentialResolver instance associated with this Application. | |
virtual const PropertySet * | getRelyingParty (const opensaml::saml2md::EntityDescriptor *provider) const =0 |
Returns configuration properties governing security interactions with a peer. | |
virtual const PropertySet * | getRelyingParty (const XMLCh *entityID) const =0 |
Returns configuration properties governing security interactions with a named peer. | |
virtual const std::vector < const XMLCh * > * | getAudiences () const =0 |
virtual std::string | getNotificationURL (const char *request, bool front, unsigned int index) const =0 |
Returns the designated notification URL, or an empty string if no more locations are specified. | |
virtual const std::vector < std::string > & | getRemoteUserAttributeIds () const =0 |
Returns an array of attribute IDs to use as a REMOTE_USER value, in order of preference. | |
virtual void | clearHeader (SPRequest &request, const char *rawname, const char *cginame) const |
Ensures no value exists for a request header, allowing for application-specific customization. | |
virtual void | setHeader (SPRequest &request, const char *name, const char *value) const |
Sets a value for a request header allowing for application-specific customization. | |
virtual std::string | getSecureHeader (const SPRequest &request, const char *name) const |
Returns a non-spoofable request header value allowing for application-specific customization. | |
virtual void | clearAttributeHeaders (SPRequest &request) const |
Clears any headers that may be used to hold attributes after export. | |
virtual const SessionInitiator * | getDefaultSessionInitiator () const =0 |
Returns the default SessionInitiator when automatically requesting a session. | |
virtual const SessionInitiator * | getSessionInitiatorById (const char *id) const =0 |
Returns a SessionInitiator with a particular ID when automatically requesting a session. | |
virtual const Handler * | getDefaultAssertionConsumerService () const =0 |
Returns the default AssertionConsumerService Handler for use in AuthnRequest messages. | |
virtual const Handler * | getAssertionConsumerServiceByIndex (unsigned short index) const =0 |
Returns an AssertionConsumerService Handler with a particular index for use in AuthnRequest messages. | |
virtual const Handler * | getAssertionConsumerServiceByProtocol (const XMLCh *protocol, const char *binding=nullptr) const |
Returns an AssertionConsumerService Handler that supports a particular protocol "family" and optional binding. | |
virtual const std::vector < const Handler * > & | getAssertionConsumerServicesByBinding (const XMLCh *binding) const =0 |
virtual const Handler * | getHandler (const char *path) const =0 |
Returns the Handler associated with a particular path/location. | |
virtual void | getHandlers (std::vector< const Handler * > &handlers) const =0 |
Returns all registered Handlers. | |
virtual void | limitRedirect (const xmltooling::GenericRequest &request, const char *url) const |
Checks a proposed redirect URL against application-specific settings for legal redirects, such as same-host restrictions or whitelisted domains, and raises a SecurityPolicyException in the event of a violation. | |
Protected Member Functions | |
Application (const ServiceProvider *sp) | |
Constructor. | |
Protected Attributes | |
const ServiceProvider * | m_sp |
Pointer to parent SP instance. | |
xmltooling::RWLock * | m_lock |
Shared lock for manipulating application state. | |
std::vector< std::pair < std::string, std::string > > | m_unsetHeaders |
Pairs of raw and normalized CGI header names to clear. |
Interface to a Shibboleth Application instance.
An Application is a logical set of resources that act as a unit of session management and policy.
shibsp::Application::Application | ( | const ServiceProvider * | sp | ) | [protected] |
Constructor.
sp | parent ServiceProvider instance |
virtual void shibsp::Application::clearAttributeHeaders | ( | SPRequest & | request | ) | const [virtual] |
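Clears any request headers that may be used to hold attributes after export, so that values already present in the incoming request cannot be mistaken for exported attributes.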
request | SP request to clear |
virtual void shibsp::Application::clearHeader | ( | SPRequest & | request, | |
const char * | rawname, | |||
const char * | cginame | |||
) | const [virtual] |
Ensures no value exists for a request header, allowing for application-specific customization.
request | SP request to modify | |
rawname | raw name of header to clear | |
cginame | CGI-equivalent name of header, MUST begin with "HTTP_". |
virtual const Handler* shibsp::Application::getAssertionConsumerServiceByIndex | ( | unsigned short | index | ) | const [pure virtual] |
Returns an AssertionConsumerService Handler with a particular index for use in AuthnRequest messages.
index | an index unique to an application |
virtual const Handler* shibsp::Application::getAssertionConsumerServiceByProtocol | ( | const XMLCh * | protocol, | |
const char * | binding = nullptr | |||
) | const [virtual] |
Returns an AssertionConsumerService Handler that supports a particular protocol "family" and optional binding.
protocol | a protocol identifier | |
binding | a binding identifier |
virtual const std::vector<const Handler*>& shibsp::Application::getAssertionConsumerServicesByBinding | ( | const XMLCh * | binding | ) | const [pure virtual] |
binding | a protocol binding identifier |
virtual AttributeExtractor* shibsp::Application::getAttributeExtractor | ( | ) | const [pure virtual] |
Returns an AttributeExtractor for use with this Application.
virtual AttributeFilter* shibsp::Application::getAttributeFilter | ( | ) | const [pure virtual] |
Returns an AttributeFilter for use with this Application.
virtual AttributeResolver* shibsp::Application::getAttributeResolver | ( | ) | const [pure virtual] |
Returns an AttributeResolver for use with this Application.
virtual const std::vector<const XMLCh*>* shibsp::Application::getAudiences | ( | ) | const [pure virtual] |
virtual std::pair<std::string,const char*> shibsp::Application::getCookieNameProps | ( | const char * | prefix, | |
time_t * | lifetime = nullptr | |||
) | const [virtual] |
Returns the name and cookie properties to use for this Application.
prefix | a value to prepend to the base cookie name | |
lifetime | if non-null, will be populated with a suggested lifetime for the cookie, or 0 if session-bound |
virtual xmltooling::CredentialResolver* shibsp::Application::getCredentialResolver | ( | ) | const [pure virtual] |
Returns the CredentialResolver instance associated with this Application.
virtual const Handler* shibsp::Application::getDefaultAssertionConsumerService | ( | ) | const [pure virtual] |
Returns the default AssertionConsumerService Handler for use in AuthnRequest messages.
virtual const SessionInitiator* shibsp::Application::getDefaultSessionInitiator | ( | ) | const [pure virtual] |
Returns the default SessionInitiator when automatically requesting a session.
virtual const Handler* shibsp::Application::getHandler | ( | const char * | path | ) | const [pure virtual] |
virtual void shibsp::Application::getHandlers | ( | std::vector< const Handler * > & | handlers | ) | const [pure virtual] |
Returns all registered Handlers.
handlers | array to populate |
virtual const char* shibsp::Application::getHash | ( | ) | const [pure virtual] |
Returns a unique hash for the Application.
virtual const char* shibsp::Application::getId | ( | ) | const [virtual] |
Returns the Application's ID.
virtual opensaml::saml2md::MetadataProvider* shibsp::Application::getMetadataProvider | ( | bool | required = true |
) | const [pure virtual] |
Returns a MetadataProvider for use with this Application.
required | true iff an exception should be thrown if no MetadataProvider is available |
virtual std::string shibsp::Application::getNotificationURL | ( | const char * | request, | |
bool | front, | |||
unsigned int | index | |||
) | const [pure virtual] |
Returns the designated notification URL, or an empty string if no more locations are specified.
request | requested URL to use to fill in missing pieces of notification URL | |
front | true iff front channel notification is desired, false iff back channel is desired | |
index | zero-based index of URL to return |
virtual const PropertySet* shibsp::Application::getRelyingParty | ( | const XMLCh * | entityID | ) | const [pure virtual] |
Returns configuration properties governing security interactions with a named peer.
entityID | a peer name |
virtual const PropertySet* shibsp::Application::getRelyingParty | ( | const opensaml::saml2md::EntityDescriptor * | provider | ) | const [pure virtual] |
Returns configuration properties governing security interactions with a peer.
provider | a peer entity's metadata |
virtual const std::vector<std::string>& shibsp::Application::getRemoteUserAttributeIds | ( | ) | const [pure virtual] |
Returns an array of attribute IDs to use as a REMOTE_USER value, in order of preference.
virtual std::string shibsp::Application::getSecureHeader | ( | const SPRequest & | request, | |
const char * | name | |||
) | const [virtual] |
Returns a non-spoofable request header value, allowing for application-specific customization.
request | SP request to access | |
name | the name of the secure header to return |
const ServiceProvider& shibsp::Application::getServiceProvider | ( | ) | const |
Returns the owning ServiceProvider instance.
virtual const SessionInitiator* shibsp::Application::getSessionInitiatorById | ( | const char * | id | ) | const [pure virtual] |
Returns a SessionInitiator with a particular ID when automatically requesting a session.
id | an identifier unique to the Application |
virtual xmltooling::TrustEngine* shibsp::Application::getTrustEngine | ( | bool | required = true |
) | const [pure virtual] |
Returns a TrustEngine for use with this Application.
required | true iff an exception should be thrown if no TrustEngine is available |
virtual void shibsp::Application::limitRedirect | ( | const xmltooling::GenericRequest & | request, | |
const char * | url | |||
) | const [virtual] |
Checks a proposed redirect URL against application-specific settings for legal redirects, such as same-host restrictions or whitelisted domains. Raises a SecurityPolicyException if the URL violates those settings.
request | the request leading to the redirect | |
url | an absolute URL to validate |
virtual void shibsp::Application::setHeader | ( | SPRequest & | request, | |
const char * | name, | |||
const char * | value | |||
) | const [virtual] |
Sets a value for a request header, allowing for application-specific customization.
request | SP request to modify | |
name | name of header to set | |
value | value to set |
xmltooling::RWLock* shibsp::Application::m_lock [mutable, protected] |
Shared lock for manipulating application state.
const ServiceProvider* shibsp::Application::m_sp [protected] |
Pointer to parent SP instance.
std::vector< std::pair<std::string,std::string> > shibsp::Application::m_unsetHeaders [mutable, protected] |
Pairs of raw and normalized CGI header names to clear.