shibboleth-dev - Re: Proposed (draft) Webserver API
Subject: Shibboleth Developers
List archive
- From: Derek Atkins <>
- To: "Scott Cantor" <>
- Cc: <>
- Subject: Re: Proposed (draft) Webserver API
- Date: Thu, 02 Dec 2004 14:28:36 -0500
Ok, one more try.
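// This usurps the existing SHIRE and RM apis into a single class.
//
// Draft interface. A web-server module subclasses ShibTarget, implements the
// pure-virtual callbacks, fills in the protected request fields in its
// constructor, and then calls doCheckAuthN / doHandlePOST / doCheckAuthZ.
//
// NOTE(review): the draft does not say who owns the `const char*` values
// returned by the SHIRE accessors, nor how long they stay valid -- this needs
// to be pinned down before callers store them.
class ShibTargetPriv;

class ShibTarget {
public:
    virtual ~ShibTarget() {}

    // These are defined here so the subclass does not need to specifically
    // depend on log4cpp.  We could use log4cpp::Priority::PriorityLevel
    // but this is just as easy, IMHO.  It's just a case statement in the
    // implementation to handle the event level.
    enum ShibLogLevel {
        LogLevelDebug,
        LogLevelInfo,
        LogLevelWarn,
        LogLevelError
    };

    // Send a message to the Webserver log.
    // NOTE(review): if msg can contain request-derived text, implementations
    // should neutralize CR/LF so a client cannot forge log lines -- confirm
    // what the engine passes here.
    virtual void log(ShibLogLevel level, String msg) = 0;

    // Get/Set a cookie for this connection.
    // NOTE(review): getCookie presumably returns a client-supplied value;
    // treat it as untrusted until the session lookup has validated it.  The
    // draft does not say what the String returned by setCookie means.
    virtual String getCookie(String name) = 0;
    virtual String setCookie(String name, String value) = 0;

    // Get the request's POST data from the server.
    // NOTE(review): no size limit is expressed in this signature; presumably
    // the subclass bounds the read using m_total_bytes -- TODO confirm.
    virtual String getPostData(void) = 0;

    // Not sure if I need these, but I might for something like Apache
    // in order to "fix" the auth type in the case of basicHijack.  In
    // particular we need to maintain some state between the different
    // APIs to know whether or not to proceed with shib processing.
    virtual String getAuthType(void) = 0;
    virtual void setAuthType(String) = 0;

    // Note: we still need to define exactly what kind of data is contained
    // in the HTAccessInfo -- perhaps we can stub it out so non-htaccess
    // systems have something they can plug in?
    virtual HTAccessInfo& getAccessInfo(void) = 0;

    // We're done.  Finish up.  Send either a result (error?) page or a
    // redirect.
    //
    // `headers` is an array with no length parameter and defaults to NULL.
    // NOTE(review): the draft defines neither how the array is terminated nor
    // what the void* return value means.  Header names/values and the
    // redirect URL must not carry CR/LF, and a URL derived from request data
    // should be validated before it is sent back -- confirm which layer is
    // responsible for that.
    virtual void* sendPage(String msg, std::pair<String,String> headers[] = NULL,
                           int code = 200) = 0;
    virtual void* sendRedirect(String url) = 0;

    // These functions implement the server-agnostic shibboleth engine.
    // The web server modules implement a subclass and then call into
    // these methods once they instantiate their request object.
    void* doCheckAuthN(void);
    void* doHandlePOST(void);
    void* doCheckAuthZ(void);

    // SHIRE APIs

    // Get the session cookie name and properties for the application
    std::pair<const char*,const char*> getCookieNameProps() const;

    // Find the default assertion consumer service for the resource
    const char* getShireURL(const char* resource) const;

    // Generate a Shib 1.x AuthnRequest redirect URL for the resource
    const char* getAuthnRequest(const char* resource) const;

    // Process a lazy session setup request and turn it into an AuthnRequest.
    // NOTE(review): query_string presumably comes straight from the client.
    const char* getLazyAuthnRequest(const char* query_string) const;

    // Process a POST profile submission, and return (SAMLResponse,TARGET) pair.
    // `len` is unsigned here while m_total_bytes is a signed int; a caller
    // passing m_total_bytes must reject negative values before converting.
    std::pair<const char*,const char*>
        getFormSubmission(const char* post, unsigned int len) const;

    // Both session calls take the client address alongside the session data.
    // NOTE(review): presumably this is m_remote_addr; behind a reverse proxy
    // that field may hold the proxy's address -- verify against the caller.
    RPCError* sessionCreate(const char* response, const char* ip,
                            std::string &cookie) const;
    RPCError* sessionIsValid(const char* session_id, const char* ip) const;

    // RM APIs

    // Fills `assertions` with raw SAMLAssertion pointers and, when `statement`
    // is non-NULL, an authentication statement pointer.
    // NOTE(review): ownership of the returned objects and of the RPCError* is
    // not stated in the draft.
    RPCError* getAssertions(
        const char* cookie,
        const char* ip,
        std::vector<saml::SAMLAssertion*>& assertions,
        saml::SAMLAuthenticationStatement **statement = NULL
    );
    static void serialize(saml::SAMLAssertion &assertion, std::string &result);

protected:
    // These are the actual request parameters that must be set in the subclass
    // constructor.
    // NOTE(review): presumably all of these are taken from the incoming
    // request and are therefore client-influenced.
    String m_url;
    String m_method;
    String m_content_type;
    String m_remote_addr;
    int m_total_bytes;

private:
    // Opaque implementation state.  The inline destructor above is empty and
    // copy construction/assignment are not disabled, so as declared here
    // nothing releases m_priv and a copied ShibTarget would alias it --
    // confirm the intended ownership.
    ShibTargetPriv *m_priv;
};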
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
PGP key available