#include <saml/binding/SecurityPolicyRule.h>
Public Member Functions

virtual const char * getType () const =0
    Returns the rule's class/type.
virtual bool evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request, SecurityPolicy &policy) const
    Evaluates the rule against the given request and message.

Protected Member Functions

SecurityPolicyRule (const xercesc::DOMElement *e=0)
    Constructor.

Protected Attributes

std::set< std::string > m_profiles

Rules must be stateless and thread-safe across evaluations. Evaluation should not result in an exception if the request/message properties do not apply to the rule (e.g. particular security mechanisms that are not present).

opensaml::SecurityPolicyRule::SecurityPolicyRule (const xercesc::DOMElement *e = 0) [protected]

Constructor.

Parameters:
    e    root of configuration

virtual const char* opensaml::SecurityPolicyRule::getType () const [pure virtual]

Returns the rule's class/type.

virtual bool opensaml::SecurityPolicyRule::evaluate (const xmltooling::XMLObject &message, const xmltooling::GenericRequest *request, SecurityPolicy &policy) const [virtual]

Evaluates the rule against the given request and message.
An exception will be raised if the message is fatally invalid according to a policy rule.
The return value is used to indicate whether a message was ignored or successfully processed. A false value signals that the rule wasn't successful because the rule was inapplicable to the message, but allows other rules to return an alternate result.
The base class version of this method will check for a non-empty profile set and return false iff the active profile from the policy is not in the set.

Parameters:
    message    the incoming message
    request    the protocol request
    policy     SecurityPolicy to provide various components and track message data
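
The evaluate() contract described above (true on success, false when the rule is inapplicable, an exception when the message is fatally invalid), modelled as an added example that is not OpenSAML code. Message, Policy, Rule, SignatureRule and runRules are stand-in names assumed for illustration.

```cpp
// Added illustration with stand-in types; these are NOT the OpenSAML classes.
#include <set>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

struct Message { std::string issuer; bool hasSignature; bool signatureValid; }; // stand-in for the XMLObject
struct Policy { std::string activeProfile; bool authenticated = false; };      // stand-in for SecurityPolicy

class Rule {
public:
    virtual ~Rule() {}
    virtual const char* getType() const = 0;
    // Base check as documented: with a non-empty profile set, return false
    // iff the policy's active profile is not in the set.
    virtual bool evaluate(const Message&, Policy& policy) const {
        return m_profiles.empty() || m_profiles.count(policy.activeProfile) > 0;
    }
protected:
    explicit Rule(std::set<std::string> profiles) : m_profiles(std::move(profiles)) {}
    std::set<std::string> m_profiles;
};

class SignatureRule : public Rule { // hypothetical rule
public:
    explicit SignatureRule(std::set<std::string> profiles) : Rule(std::move(profiles)) {}
    const char* getType() const override { return "HypotheticalSignature"; }
    bool evaluate(const Message& m, Policy& policy) const override {
        if (!Rule::evaluate(m, policy)) return false; // profile not covered: inapplicable
        if (!m.hasSignature) return false;            // mechanism absent: inapplicable, no exception
        if (!m.signatureValid)                        // present but bad: fatally invalid
            throw std::runtime_error("signature verification failed");
        policy.authenticated = true;                  // result is tracked in the policy, not the rule
        return true;
    }
};

// Evaluates every rule and returns how many succeeded; exceptions propagate to the caller.
int runRules(const std::vector<const Rule*>& rules, const Message& m, Policy& policy) {
    int succeeded = 0;
    for (const Rule* r : rules)
        if (r->evaluate(m, policy)) ++succeeded;
    return succeeded;
}
```

In this model a run that returns 0 without throwing means no rule vouched for the message, so the caller checks the policy state rather than treating a clean run as authenticated.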