Allow dynamic updating of authentication policies

net/http/url_security_manager.h

Index: net/http/url_security_manager.h
diff --git a/net/http/url_security_manager.h b/net/http/url_security_manager.h
index c0d93a23296cd0510dd839073b1ed2b028ab6b48..2333f5dd52ff93b4f40bef179e1f70fe60d6ef3c 100644
--- a/net/http/url_security_manager.h
+++ b/net/http/url_security_manager.h
@@ -8,13 +8,12 @@
 #include "base/basictypes.h"
 #include "base/memory/scoped_ptr.h"
 #include "net/base/net_export.h"
+#include "net/http/http_auth_filter.h"
 
 class GURL;
 
 namespace net {
 
-class HttpAuthFilter;
-
 // The URL security manager controls the policies (allow, deny, prompt user)
 // regarding URL actions (e.g., sending the default credentials to a server).
 class NET_EXPORT URLSecurityManager {
@@ -24,25 +23,23 @@ class NET_EXPORT URLSecurityManager {
 
   // Creates a platform-dependent instance of URLSecurityManager.
   //
-  // |whitelist_default| is the whitelist of servers that default credentials
-  // can be used with during NTLM or Negotiate authentication. If
-  // |whitelist_default| is NULL and the platform is Windows, it indicates
+  // A security manager has two whitelists, a "default whitelist" that is a
+  // whitelist of servers with which default credentials can be used, and a
+  // "delegate whitelist" that is the whitelist of servers that are allowed to
+  // have delegated Kerberos tickets.
+  //
+  // On creation both whitelists are NULL.
+  //
+  // If the default whitelist is NULL and the platform is Windows, it indicates
   // that security zone mapping should be used to determine whether default
-  // credentials sxhould be used. If |whitelist_default| is NULL and the
+  // credentials sxhould be used. If the default whitelist is NULL and the

[asanka, 2015/11/10 15:48:06]

*should

[aberent, 2015/11/13 17:46:32]

Done.

   // platform is non-Windows, it indicates that no servers should be
   // whitelisted.
   //
-  // |whitelist_delegate| is the whitelist of servers that are allowed
-  // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL,
-  // no servers can have delegated Kerberos tickets.
+  // If the delegate whitelist is NULL no servers can have delegated Kerberos
+  // tickets.
   //
-  // Both |whitelist_default| and |whitelist_delegate| will be owned by
-  // the created URLSecurityManager.
-  //
-  // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
-  //                 and just copy into the URLSecurityManager?
-  static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
-                                    const HttpAuthFilter* whitelist_delegate);
+  static URLSecurityManager* Create();
 
   // Returns true if we can send the default credentials to the server at
   // |auth_origin| for HTTP NTLM or Negotiate authentication.
@@ -52,20 +49,30 @@ class NET_EXPORT URLSecurityManager {
   // |auth_origin| for HTTP Negotiate authentication.
   virtual bool CanDelegate(const GURL& auth_origin) const = 0;
 
+  virtual void SetDefaultWhitelist(
+      scoped_ptr<HttpAuthFilter> whitelist_default) = 0;
+  virtual void SetDelegateWhitelist(
+      scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0;
+
  private:
   DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
 };
 
 class URLSecurityManagerWhitelist : public URLSecurityManager {
  public:
-  // The URLSecurityManagerWhitelist takes ownership of the whitelists.
-  URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
-                              const HttpAuthFilter* whitelist_delegation);
+  URLSecurityManagerWhitelist();
   ~URLSecurityManagerWhitelist() override;
 
   // URLSecurityManager methods.
   bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
   bool CanDelegate(const GURL& auth_origin) const override;
+  void SetDefaultWhitelist(
+      scoped_ptr<HttpAuthFilter> whitelist_default) override;
+  void SetDelegateWhitelist(
+      scoped_ptr<HttpAuthFilter> whitelist_delegate) override;
+
+ protected:
+  bool HasDefaultWhitelist() const;
 
  private:
   scoped_ptr<const HttpAuthFilter> whitelist_default_;