EnforceAuthRules Class Reference

#include <EnforceAuthRules.h>

Inheritance diagram for EnforceAuthRules:

Detailed Description

Enforces the rules specified by authrules.xml.

This is an AuthRules plugin called by SipRouter to enforce rules based on the target uri and the permissions of the caller.

Public Member Functions

virtual ~EnforceAuthRules ()

destructor

virtual AuthResult authorizeAndModify (const UtlString &id, const Url &requestUri, RouteState &routeState, const UtlString &method, AuthResult priorResult, SipMessage &request, bool bSpiralingRequest, UtlString &reason)

Called for any request - enforces the restrictions specified by authrules.

virtual void readConfig (OsConfigDb &configDb)

Read (or re-read) the authorization rules.

Protected Member Functions

bool isAuthorized (const ResultSet &requiredPermissions, const ResultSet &grantedPermissions, UtlString &matchedPermission, UtlString &unmatchedPermissions)

Private Member Functions

EnforceAuthRules (const UtlString &instanceName)

Constructor - private so that only the factory can call it.

Private Attributes

OsRWMutex mRulesLock

AuthRulesUrlMapping * mpAuthorizationRules

Friends

class EnforceAuthRulesTest

AuthPlugin * getAuthPlugin (const UtlString &name)

Factory used by PluginHooks to dynamically link the plugin instance.

Constructor & Destructor Documentation

~EnforceAuthRules ( ) [virtual]

destructor

EnforceAuthRules ( const UtlString & instanceName ) [private]

Constructor - private so that only the factory can call it.

constructor

Parameters:

instanceName

the configured name for this plugin instance

Member Function Documentation

AuthPlugin::AuthResult authorizeAndModify	(	const UtlString &	id,
		const Url &	requestUri,
		RouteState &	routeState,
		const UtlString &	method,
		AuthResult	priorResult,
		SipMessage &	request,
		bool	bSpiralingRequest,
		UtlString &	reason
	)			`[virtual]`

Called for any request - enforces the restrictions specified by authrules.

This plugin uses one state parameter to record that the dialog has already been processed by authrules; it does not have any value. If that parameter is present in a request and routeState::isMutable returns false, then this method does not evaluate the authrules, it just returns ALLOW.

If the state parameter is not found, or routeState::isMutable returns true (indicating that this not an in-dialog request), then the authrules are evaluated.

If the rules allow the request, the state parameter is set to record that and ALLOW is returned.
If the rules do not allow the request, this method sets the reason phrase to describe what permission is needed for the request to succeed and returns DENY.

Parameters:

id	The authenticated identity of the request originator, if any (the null string if not). This is in the form of a SIP uri identity value as used in the credentials database (user) without the scheme or any parameters.
requestUri	parsed target Uri
routeState	the state for this request.
method	the request method
priorResult	results from earlier plugins.
request	see AuthPlugin regarding modifying
bSpiralingRequest	request spiraling indication
reason	rejection reason

Implements AuthPlugin.

void readConfig ( OsConfigDb & configDb ) [virtual]

Read (or re-read) the authorization rules.

Note:: The parent service may call the readConfig method at any time to indicate that the configuration may have changed. The plugin should reinitialize itself based on the configuration that exists when this is called. The fact that it is a subhash means that whatever prefix is used to identify the plugin (see PluginHooks) has been removed (see the examples in PluginHooks::readConfig).

Parameters:

configDb

a subhash of the individual configuration parameters for this instance of this plugin.

Implements AuthPlugin.

bool isAuthorized	(	const ResultSet &	requiredPermissions,
		const ResultSet &	grantedPermissions,
		UtlString &	matchedPermission,
		UtlString &	unmatchedPermissions
	)			`[protected]`

Returns:: true iff at least one permission in grantedPermissions is in requiredPermissions

Parameters:

matchedPermission	first required permission found
unmatchedPermissions	requiredPermissions as a single string

Friends And Related Function Documentation

friend class EnforceAuthRulesTest [friend]

AuthPlugin* getAuthPlugin ( const UtlString & name ) [friend]

Factory used by PluginHooks to dynamically link the plugin instance.

Member Data Documentation

OsRWMutex mRulesLock [private]

AuthRulesUrlMapping* mpAuthorizationRules [private]

EnforceAuthRules Class Reference

Detailed Description

Public Member Functions

Protected Member Functions

Private Member Functions

Private Attributes

Friends

Constructor & Destructor Documentation

Member Function Documentation

Friends And Related Function Documentation

Member Data Documentation

Online Library Docs

sipXecs home page


Public Member Functions
virtual	~EnforceAuthRules ()
	destructor
virtual AuthResult	authorizeAndModify (const UtlString &id, const Url &requestUri, RouteState &routeState, const UtlString &method, AuthResult priorResult, SipMessage &request, bool bSpiralingRequest, UtlString &reason)
	Called for any request - enforces the restrictions specified by authrules.
virtual void	readConfig (OsConfigDb &configDb)
	Read (or re-read) the authorization rules.
Protected Member Functions
bool	isAuthorized (const ResultSet &requiredPermissions, const ResultSet &grantedPermissions, UtlString &matchedPermission, UtlString &unmatchedPermissions)
Private Member Functions
	EnforceAuthRules (const UtlString &instanceName)
	Constructor - private so that only the factory can call it.
Private Attributes
OsRWMutex	mRulesLock
AuthRulesUrlMapping *	mpAuthorizationRules
Friends
class	EnforceAuthRulesTest
AuthPlugin *	getAuthPlugin (const UtlString &name)
	Factory used by PluginHooks to dynamically link the plugin instance.