Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(187)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/url_security_manager.h

Issue 1414313002: Allow dynamic updating of authentication policies (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Respond to cbentzel@'s comments. Created 5 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/mock_allow_url_security_manager.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_ 5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_ 6 #define NET_HTTP_URL_SECURITY_MANAGER_H_
7 7
8 #include "base/basictypes.h" 8 #include "base/basictypes.h"
9 #include "base/memory/scoped_ptr.h" 9 #include "base/memory/scoped_ptr.h"
10 #include "net/base/net_export.h" 10 #include "net/base/net_export.h"
11 11
12 class GURL; 12 class GURL;
13 13
14 namespace net { 14 namespace net {
15 15
16 class HttpAuthFilter; 16 class HttpAuthFilter;
17 17
18 // The URL security manager controls the policies (allow, deny, prompt user) 18 // The URL security manager controls the policies (allow, deny, prompt user)
19 // regarding URL actions (e.g., sending the default credentials to a server). 19 // regarding URL actions (e.g., sending the default credentials to a server).
20 class NET_EXPORT URLSecurityManager { 20 class NET_EXPORT_PRIVATE URLSecurityManager {
21 public: 21 public:
22 URLSecurityManager() {} 22 URLSecurityManager() {}
23 virtual ~URLSecurityManager() {} 23 virtual ~URLSecurityManager() {}
24 24
25 // Creates a platform-dependent instance of URLSecurityManager. 25 // Creates a platform-dependent instance of URLSecurityManager.
26 // 26 //
27 // |whitelist_default| is the whitelist of servers that default credentials 27 // A security manager has two whitelists, a "default whitelist" that is a
28 // can be used with during NTLM or Negotiate authentication. If 28 // whitelist of servers with which default credentials can be used, and a
29 // |whitelist_default| is NULL and the platform is Windows, it indicates 29 // "delegate whitelist" that is the whitelist of servers that are allowed to
30 // have delegated Kerberos tickets.
31 //
32 // On creation both whitelists are NULL.
33 //
34 // If the default whitelist is NULL and the platform is Windows, it indicates
30 // that security zone mapping should be used to determine whether default 35 // that security zone mapping should be used to determine whether default
31 // credentials sxhould be used. If |whitelist_default| is NULL and the 36 // credentials should be used. If the default whitelist is NULL and the
32 // platform is non-Windows, it indicates that no servers should be 37 // platform is non-Windows, it indicates that no servers should be
33 // whitelisted. 38 // whitelisted.
34 // 39 //
35 // |whitelist_delegate| is the whitelist of servers that are allowed 40 // If the delegate whitelist is NULL no servers can have delegated Kerberos
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL, 41 // tickets.
37 // no servers can have delegated Kerberos tickets.
38 // 42 //
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by 43 static URLSecurityManager* Create();
40 // the created URLSecurityManager.
41 //
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
43 // and just copy into the URLSecurityManager?
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
45 const HttpAuthFilter* whitelist_delegate);
46 44
47 // Returns true if we can send the default credentials to the server at 45 // Returns true if we can send the default credentials to the server at
48 // |auth_origin| for HTTP NTLM or Negotiate authentication. 46 // |auth_origin| for HTTP NTLM or Negotiate authentication.
49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0; 47 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
50 48
51 // Returns true if Kerberos delegation is allowed for the server at 49 // Returns true if Kerberos delegation is allowed for the server at
52 // |auth_origin| for HTTP Negotiate authentication. 50 // |auth_origin| for HTTP Negotiate authentication.
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0; 51 virtual bool CanDelegate(const GURL& auth_origin) const = 0;
54 52
53 virtual void SetDefaultWhitelist(
54 scoped_ptr<HttpAuthFilter> whitelist_default) = 0;
55 virtual void SetDelegateWhitelist(
56 scoped_ptr<HttpAuthFilter> whitelist_delegate) = 0;
57
55 private: 58 private:
56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager); 59 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
57 }; 60 };
58 61
59 class URLSecurityManagerWhitelist : public URLSecurityManager { 62 class URLSecurityManagerWhitelist : public URLSecurityManager {
60 public: 63 public:
61 // The URLSecurityManagerWhitelist takes ownership of the whitelists. 64 URLSecurityManagerWhitelist();
62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
63 const HttpAuthFilter* whitelist_delegation);
64 ~URLSecurityManagerWhitelist() override; 65 ~URLSecurityManagerWhitelist() override;
65 66
66 // URLSecurityManager methods. 67 // URLSecurityManager methods.
67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override; 68 bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
68 bool CanDelegate(const GURL& auth_origin) const override; 69 bool CanDelegate(const GURL& auth_origin) const override;
70 void SetDefaultWhitelist(
71 scoped_ptr<HttpAuthFilter> whitelist_default) override;
72 void SetDelegateWhitelist(
73 scoped_ptr<HttpAuthFilter> whitelist_delegate) override;
74
75 protected:
76 bool HasDefaultWhitelist() const;
69 77
70 private: 78 private:
71 scoped_ptr<const HttpAuthFilter> whitelist_default_; 79 scoped_ptr<const HttpAuthFilter> whitelist_default_;
72 scoped_ptr<const HttpAuthFilter> whitelist_delegate_; 80 scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
73 81
74 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist); 82 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
75 }; 83 };
76 84
77 } // namespace net 85 } // namespace net
78 86
79 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_ 87 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_
OLDNEW
« no previous file with comments | « net/http/mock_allow_url_security_manager.cc ('k') | net/http/url_security_manager.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698