OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ | 5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ |
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ | 6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
11 #include "net/http/http_auth_filter.h" | |
11 | 12 |
12 class GURL; | 13 class GURL; |
13 | 14 |
14 namespace net { | 15 namespace net { |
15 | 16 |
16 class HttpAuthFilter; | |
17 | |
18 // The URL security manager controls the policies (allow, deny, prompt user) | 17 // The URL security manager controls the policies (allow, deny, prompt user) |
19 // regarding URL actions (e.g., sending the default credentials to a server). | 18 // regarding URL actions (e.g., sending the default credentials to a server). |
20 class NET_EXPORT URLSecurityManager { | 19 class NET_EXPORT URLSecurityManager { |
21 public: | 20 public: |
22 URLSecurityManager() {} | 21 URLSecurityManager() {} |
23 virtual ~URLSecurityManager() {} | 22 virtual ~URLSecurityManager() {} |
24 | 23 |
25 // Creates a platform-dependent instance of URLSecurityManager. | 24 // Creates a platform-dependent instance of URLSecurityManager. |
26 // | 25 // |
27 // |whitelist_default| is the whitelist of servers that default credentials | 26 // A security manager has two whitelists, a "default whitelist" that is a |
28 // can be used with during NTLM or Negotiate authentication. If | 27 // whitelist of servers with which default credentials can be used, and a |
29 // |whitelist_default| is NULL and the platform is Windows, it indicates | 28 // "delegate whitelist" that is the whitelist of servers that are allowed to |
29 // have delegated Kerberos tickets. | |
30 // | |
31 // On creation both whitelists are NULL. | |
32 // | |
33 // If the default whitelist is NULL and the platform is Windows, it indicates | |
30 // that security zone mapping should be used to determine whether default | 34 // that security zone mapping should be used to determine whether default |
31 // credentials sxhould be used. If |whitelist_default| is NULL and the | 35 // credentials sxhould be used. If the default whitelist is NULL and the |
asanka
2015/11/10 15:48:06
*should
aberent
2015/11/13 17:46:32
Done.
| |
32 // platform is non-Windows, it indicates that no servers should be | 36 // platform is non-Windows, it indicates that no servers should be |
33 // whitelisted. | 37 // whitelisted. |
34 // | 38 // |
35 // |whitelist_delegate| is the whitelist of servers that are allowed | 39 // If the delegate whitelist is NULL no servers can have delegated Kerberos |
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, | 40 // tickets. |
37 // no servers can have delegated Kerberos tickets. | |
38 // | 41 // |
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by | 42 static URLSecurityManager* Create(); |
40 // the created URLSecurityManager. | |
41 // | |
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter | |
43 // and just copy into the URLSecurityManager? | |
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default, | |
45 const HttpAuthFilter* whitelist_delegate); | |
46 | 43 |
47 // Returns true if we can send the default credentials to the server at | 44 // Returns true if we can send the default credentials to the server at |
48 // |auth_origin| for HTTP NTLM or Negotiate authentication. | 45 // |auth_origin| for HTTP NTLM or Negotiate authentication. |
49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; | 46 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; |
50 | 47 |
51 // Returns true if Kerberos delegation is allowed for the server at | 48 // Returns true if Kerberos delegation is allowed for the server at |
52 // |auth_origin| for HTTP Negotiate authentication. | 49 // |auth_origin| for HTTP Negotiate authentication. |
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0; | 50 virtual bool CanDelegate(const GURL& auth_origin) const = 0; |
54 | 51 |
52 virtual void SetDefaultWhitelist( | |
53 scoped_ptr<HttpAuthFilter> whitelist_default) = 0; | |
54 virtual void SetDelegateWhitelist( | |
55 scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0; | |
56 | |
55 private: | 57 private: |
56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); | 58 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); |
57 }; | 59 }; |
58 | 60 |
59 class URLSecurityManagerWhitelist : public URLSecurityManager { | 61 class URLSecurityManagerWhitelist : public URLSecurityManager { |
60 public: | 62 public: |
61 // The URLSecurityManagerWhitelist takes ownership of the whitelists. | 63 URLSecurityManagerWhitelist(); |
62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default, | |
63 const HttpAuthFilter* whitelist_delegation); | |
64 ~URLSecurityManagerWhitelist() override; | 64 ~URLSecurityManagerWhitelist() override; |
65 | 65 |
66 // URLSecurityManager methods. | 66 // URLSecurityManager methods. |
67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; | 67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; |
68 bool CanDelegate(const GURL& auth_origin) const override; | 68 bool CanDelegate(const GURL& auth_origin) const override; |
69 void SetDefaultWhitelist( | |
70 scoped_ptr<HttpAuthFilter> whitelist_default) override; | |
71 void SetDelegateWhitelist( | |
72 scoped_ptr<HttpAuthFilter> whitelist_delegate) override; | |
73 | |
74 protected: | |
75 bool HasDefaultWhitelist() const; | |
69 | 76 |
70 private: | 77 private: |
71 scoped_ptr<const HttpAuthFilter> whitelist_default_; | 78 scoped_ptr<const HttpAuthFilter> whitelist_default_; |
72 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; | 79 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; |
73 | 80 |
74 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); | 81 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); |
75 }; | 82 }; |
76 | 83 |
77 } // namespace net | 84 } // namespace net |
78 | 85 |
79 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ | 86 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ |
OLD | NEW |