OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ | 5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ |
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ | 6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
11 #include "net/http/http_auth_filter.h" | |
11 | 12 |
12 class GURL; | 13 class GURL; |
13 | 14 |
14 namespace net { | 15 namespace net { |
15 | 16 |
16 class HttpAuthFilter; | |
17 | |
18 // The URL security manager controls the policies (allow, deny, prompt user) | 17 // The URL security manager controls the policies (allow, deny, prompt user) |
19 // regarding URL actions (e.g., sending the default credentials to a server). | 18 // regarding URL actions (e.g., sending the default credentials to a server). |
20 class NET_EXPORT URLSecurityManager { | 19 class NET_EXPORT URLSecurityManager { |
21 public: | 20 public: |
22 URLSecurityManager() {} | 21 URLSecurityManager() {} |
23 virtual ~URLSecurityManager() {} | 22 virtual ~URLSecurityManager() {} |
24 | 23 |
25 // Creates a platform-dependent instance of URLSecurityManager. | 24 // Creates a platform-dependent instance of URLSecurityManager. |
26 // | 25 // |
27 // |whitelist_default| is the whitelist of servers that default credentials | 26 // |whitelist_default| is the whitelist of servers that default credentials |
28 // can be used with during NTLM or Negotiate authentication. If | 27 // can be used with during NTLM or Negotiate authentication. If |
29 // |whitelist_default| is NULL and the platform is Windows, it indicates | 28 // |whitelist_default| is NULL and the platform is Windows, it indicates |
30 // that security zone mapping should be used to determine whether default | 29 // that security zone mapping should be used to determine whether default |
31 // credentials sxhould be used. If |whitelist_default| is NULL and the | 30 // credentials sxhould be used. If |whitelist_default| is NULL and the |
32 // platform is non-Windows, it indicates that no servers should be | 31 // platform is non-Windows, it indicates that no servers should be |
33 // whitelisted. | 32 // whitelisted. |
34 // | 33 // |
35 // |whitelist_delegate| is the whitelist of servers that are allowed | 34 // |whitelist_delegate| is the whitelist of servers that are allowed |
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, | 35 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, |
37 // no servers can have delegated Kerberos tickets. | 36 // no servers can have delegated Kerberos tickets. |
38 // | 37 // |
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by | 38 // Both |whitelist_default| and |whitelist_delegate| will be owned by |
40 // the created URLSecurityManager. | 39 // the created URLSecurityManager. |
41 // | 40 // |
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter | 41 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter |
asanka
2015/11/04 16:05:44
Might as well remove this comment since it no long
aberent
2015/11/06 13:57:34
Done. Actually rewrote the whole comment.
| |
43 // and just copy into the URLSecurityManager? | 42 // and just copy into the URLSecurityManager? |
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default, | 43 static URLSecurityManager* Create(); |
45 const HttpAuthFilter* whitelist_delegate); | |
46 | 44 |
47 // Returns true if we can send the default credentials to the server at | 45 // Returns true if we can send the default credentials to the server at |
48 // |auth_origin| for HTTP NTLM or Negotiate authentication. | 46 // |auth_origin| for HTTP NTLM or Negotiate authentication. |
49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; | 47 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; |
50 | 48 |
51 // Returns true if Kerberos delegation is allowed for the server at | 49 // Returns true if Kerberos delegation is allowed for the server at |
52 // |auth_origin| for HTTP Negotiate authentication. | 50 // |auth_origin| for HTTP Negotiate authentication. |
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0; | 51 virtual bool CanDelegate(const GURL& auth_origin) const = 0; |
54 | 52 |
53 virtual void SetDefaultWhitelist( | |
54 scoped_ptr<HttpAuthFilter> whitelist_default) = 0; | |
55 virtual void SetDelegateWhitelist( | |
56 scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0; | |
57 | |
55 private: | 58 private: |
56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); | 59 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); |
57 }; | 60 }; |
58 | 61 |
59 class URLSecurityManagerWhitelist : public URLSecurityManager { | 62 class URLSecurityManagerWhitelist : public URLSecurityManager { |
60 public: | 63 public: |
61 // The URLSecurityManagerWhitelist takes ownership of the whitelists. | 64 URLSecurityManagerWhitelist(); |
62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default, | |
63 const HttpAuthFilter* whitelist_delegation); | |
64 ~URLSecurityManagerWhitelist() override; | 65 ~URLSecurityManagerWhitelist() override; |
65 | 66 |
66 // URLSecurityManager methods. | 67 // URLSecurityManager methods. |
67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; | 68 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; |
68 bool CanDelegate(const GURL& auth_origin) const override; | 69 bool CanDelegate(const GURL& auth_origin) const override; |
70 void SetDefaultWhitelist( | |
71 scoped_ptr<HttpAuthFilter> whitelist_default) override; | |
72 void SetDelegateWhitelist( | |
73 scoped_ptr<HttpAuthFilter> whitelist_delegate) override; | |
74 | |
75 protected: | |
76 bool HasDefaultWhitelist() const; | |
69 | 77 |
70 private: | 78 private: |
71 scoped_ptr<const HttpAuthFilter> whitelist_default_; | 79 scoped_ptr<const HttpAuthFilter> whitelist_default_; |
72 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; | 80 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; |
73 | 81 |
74 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); | 82 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); |
75 }; | 83 }; |
76 | 84 |
77 } // namespace net | 85 } // namespace net |
78 | 86 |
79 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ | 87 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ |
OLD | NEW |