Pin Chrome's shortcut to the Win10 Start menu on install and OS upgrade.
[chromium-blink-merge.git] / net / http / url_security_manager.h
blobc0d93a23296cd0510dd839073b1ed2b028ab6b48
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_HTTP_URL_SECURITY_MANAGER_H_
6 #define NET_HTTP_URL_SECURITY_MANAGER_H_
8 #include "base/basictypes.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "net/base/net_export.h"
12 class GURL;
14 namespace net {
16 class HttpAuthFilter;
18 // The URL security manager controls the policies (allow, deny, prompt user)
19 // regarding URL actions (e.g., sending the default credentials to a server).
20 class NET_EXPORT URLSecurityManager {
21 public:
22 URLSecurityManager() {}
23 virtual ~URLSecurityManager() {}
25 // Creates a platform-dependent instance of URLSecurityManager.
27 // |whitelist_default| is the whitelist of servers that default credentials
28 // can be used with during NTLM or Negotiate authentication. If
29 // |whitelist_default| is NULL and the platform is Windows, it indicates
30 // that security zone mapping should be used to determine whether default
31 // credentials sxhould be used. If |whitelist_default| is NULL and the
32 // platform is non-Windows, it indicates that no servers should be
33 // whitelisted.
35 // |whitelist_delegate| is the whitelist of servers that are allowed
36 // to have Delegated Kerberos tickets. If |whitelist_delegate| is NULL,
37 // no servers can have delegated Kerberos tickets.
39 // Both |whitelist_default| and |whitelist_delegate| will be owned by
40 // the created URLSecurityManager.
42 // TODO(cbentzel): Perhaps it's better to make a non-abstract HttpAuthFilter
43 // and just copy into the URLSecurityManager?
44 static URLSecurityManager* Create(const HttpAuthFilter* whitelist_default,
45 const HttpAuthFilter* whitelist_delegate);
47 // Returns true if we can send the default credentials to the server at
48 // |auth_origin| for HTTP NTLM or Negotiate authentication.
49 virtual bool CanUseDefaultCredentials(const GURL& auth_origin) const = 0;
51 // Returns true if Kerberos delegation is allowed for the server at
52 // |auth_origin| for HTTP Negotiate authentication.
53 virtual bool CanDelegate(const GURL& auth_origin) const = 0;
55 private:
56 DISALLOW_COPY_AND_ASSIGN(URLSecurityManager);
59 class URLSecurityManagerWhitelist : public URLSecurityManager {
60 public:
61 // The URLSecurityManagerWhitelist takes ownership of the whitelists.
62 URLSecurityManagerWhitelist(const HttpAuthFilter* whitelist_default,
63 const HttpAuthFilter* whitelist_delegation);
64 ~URLSecurityManagerWhitelist() override;
66 // URLSecurityManager methods.
67 bool CanUseDefaultCredentials(const GURL& auth_origin) const override;
68 bool CanDelegate(const GURL& auth_origin) const override;
70 private:
71 scoped_ptr<const HttpAuthFilter> whitelist_default_;
72 scoped_ptr<const HttpAuthFilter> whitelist_delegate_;
74 DISALLOW_COPY_AND_ASSIGN(URLSecurityManagerWhitelist);
77 } // namespace net
79 #endif // NET_HTTP_URL_SECURITY_MANAGER_H_