Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(88)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/url_security_manager.h

Issue 1414313002: Allow dynamic updating of authentication policies (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix IOS compile problem - attempt 3 Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/http/http_auth_unittest.cc ('K') | « net/http/mock_allow_url_security_manager.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ 5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ 6 #define NET_HTTP_URL_SECURITY_MANAGER_H_
7 7
8 #include "base/basictypes.h" 8 #include "base/basictypes.h"
9 #include "base/memory/scoped_ptr.h" 9 #include "base/memory/scoped_ptr.h"
10 #include "net/base/net_export.h" 10 #include "net/base/net_export.h"
11 #include "net/http/http_auth_filter.h"
asanka 2015/11/25 19:00:10 scoped_ptr<> can use an incomplete class.
aberent 2015/11/26 15:58:00 Done.
11 12
12 class GURL; 13 class GURL;
13 14
14 namespace net { 15 namespace net {
15 16
16 class HttpAuthFilter;
17
18 // The URL security manager controls the policies (allow, deny, prompt user) 17 // The URL security manager controls the policies (allow, deny, prompt user)
19 // regarding URL actions (e.g., sending the default credentials to a server). 18 // regarding URL actions (e.g., sending the default credentials to a server).
20 class NET_EXPORT URLSecurityManager { 19 class NET_EXPORT_PRIVATE URLSecurityManager {
21 public: 20 public:
22 URLSecurityManager() {} 21 URLSecurityManager() {}
23 virtual ~URLSecurityManager() {} 22 virtual ~URLSecurityManager() {}
24 23
25 // Creates a platform-dependent instance of URLSecurityManager. 24 // Creates a platform-dependent instance of URLSecurityManager.
26 // 25 //
27 // |whitelist_default| is the whitelist of servers that default credentials 26 // A security manager has two whitelists, a "default whitelist" that is a
28 // can be used with during NTLM or Negotiate authentication. If 27 // whitelist of servers with which default credentials can be used, and a
29 // |whitelist_default| is NULL and the platform is Windows, it indicates 28 // "delegate whitelist" that is the whitelist of servers that are allowed to
29 // have delegated Kerberos tickets.
30 //
31 // On creation both whitelists are NULL.
32 //
33 // If the default whitelist is NULL and the platform is Windows, it indicates
30 // that security zone mapping should be used to determine whether default 34 // that security zone mapping should be used to determine whether default
31 // credentials sxhould be used. If |whitelist_default| is NULL and the 35 // credentials should be used. If the default whitelist is NULL and the
32 // platform is non-Windows, it indicates that no servers should be 36 // platform is non-Windows, it indicates that no servers should be
33 // whitelisted. 37 // whitelisted.
34 // 38 //
35 // |whitelist_delegate| is the whitelist of servers that are allowed 39 // If the delegate whitelist is NULL no servers can have delegated Kerberos
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, 40 // tickets.
37 // no servers can have delegated Kerberos tickets.
38 // 41 //
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by 42 static URLSecurityManager* Create();
40 // the created URLSecurityManager.
41 //
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
43 // and just copy into the URLSecurityManager?
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
45 const HttpAuthFilter* whitelist_delegate);
46 43
47 // Returns true if we can send the default credentials to the server at 44 // Returns true if we can send the default credentials to the server at
48 // |auth_origin| for HTTP NTLM or Negotiate authentication. 45 // |auth_origin| for HTTP NTLM or Negotiate authentication.
49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; 46 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
50 47
51 // Returns true if Kerberos delegation is allowed for the server at 48 // Returns true if Kerberos delegation is allowed for the server at
52 // |auth_origin| for HTTP Negotiate authentication. 49 // |auth_origin| for HTTP Negotiate authentication.
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0; 50 virtual bool CanDelegate(const GURL& auth_origin) const = 0;
54 51
52 virtual void SetDefaultWhitelist(
53 scoped_ptr<HttpAuthFilter> whitelist_default) = 0;
54 virtual void SetDelegateWhitelist(
55 scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0;
56
55 private: 57 private:
56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); 58 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
57 }; 59 };
58 60
59 class URLSecurityManagerWhitelist : public URLSecurityManager { 61 class URLSecurityManagerWhitelist : public URLSecurityManager {
60 public: 62 public:
61 // The URLSecurityManagerWhitelist takes ownership of the whitelists. 63 URLSecurityManagerWhitelist();
62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
63 const HttpAuthFilter* whitelist_delegation);
64 ~URLSecurityManagerWhitelist() override; 64 ~URLSecurityManagerWhitelist() override;
65 65
66 // URLSecurityManager methods. 66 // URLSecurityManager methods.
67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; 67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
68 bool CanDelegate(const GURL& auth_origin) const override; 68 bool CanDelegate(const GURL& auth_origin) const override;
69 void SetDefaultWhitelist(
70 scoped_ptr<HttpAuthFilter> whitelist_default) override;
71 void SetDelegateWhitelist(
72 scoped_ptr<HttpAuthFilter> whitelist_delegate) override;
73
74 protected:
75 bool HasDefaultWhitelist() const;
69 76
70 private: 77 private:
71 scoped_ptr<const HttpAuthFilter> whitelist_default_; 78 scoped_ptr<const HttpAuthFilter> whitelist_default_;
72 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; 79 scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
73 80
74 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); 81 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
75 }; 82 };
76 83
77 } // namespace net 84 } // namespace net
78 85
79 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ 86 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_
OLDNEW
« net/http/http_auth_unittest.cc ('K') | « net/http/mock_allow_url_security_manager.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698