1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
//-----------------------------------------------------------------------
// <copyright file="Saml2AuthorizationDecisionStatement.cs" company="Microsoft">
// Copyright (c) Microsoft Corporation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace System.IdentityModel.Tokens
{
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
/// <summary>
/// Represents the AuthzDecisionStatement specified in [Saml2Core, 2.7.4].
/// </summary>
public class Saml2AuthorizationDecisionStatement : Saml2Statement
{
/// <summary>
/// The empty URI reference, which may be used with the meaning
/// "the start of the current document" for the Resource property.
/// </summary>
public static readonly Uri EmptyResource = new Uri(string.Empty, UriKind.Relative);
private Collection<Saml2Action> actions = new Collection<Saml2Action>();
private Saml2Evidence evidence;
private SamlAccessDecision decision;
private Uri resource;
/// <summary>
/// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
/// a resource and decision.
/// </summary>
/// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
/// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision)
: this(resource, decision, null)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="Saml2AuthorizationDecisionStatement"/> class from
/// a resource and decision.
/// </summary>
/// <param name="resource">The <see cref="Uri"/> of the resource to be authorized.</param>
/// <param name="decision">The <see cref="SamlAccessDecision"/> in use.</param>
/// <param name="actions">Collection of <see cref="Saml2Action"/> specifications.</param>
public Saml2AuthorizationDecisionStatement(Uri resource, SamlAccessDecision decision, IEnumerable<Saml2Action> actions)
{
if (null == resource)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("resource");
}
// This check is making sure the resource is either a well-formed absolute uri or
// an empty relative uri before passing through to the rest of the constructor.
if (!(resource.IsAbsoluteUri || resource.Equals(EmptyResource)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("resource", SR.GetString(SR.ID4121));
}
if (decision < SamlAccessDecision.Permit || decision > SamlAccessDecision.Indeterminate)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("decision"));
}
this.resource = resource;
this.decision = decision;
if (null != actions)
{
foreach (Saml2Action action in actions)
{
this.actions.Add(action);
}
}
}
/// <summary>
/// Gets of set the set of <see cref="Saml2Action"/> authorized to be performed on the specified
/// resource. [Saml2Core, 2.7.4]
/// </summary>
public Collection<Saml2Action> Actions
{
get { return this.actions; }
}
/// <summary>
/// Gets or sets the <see cref="SamlAccessDecision"/> rendered by the SAML authority with respect to the
/// specified resource. [Saml2Core, 2.7.4]
/// </summary>
public SamlAccessDecision Decision
{
get
{
return this.decision;
}
set
{
if (value < SamlAccessDecision.Permit || value > SamlAccessDecision.Indeterminate)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new ArgumentOutOfRangeException("value"));
}
this.decision = value;
}
}
/// <summary>
/// Gets or sets a set of <see cref="Saml2Evidence"/> that the SAML authority relied on in making
/// the decision. [Saml2Core, 2.7.4]
/// </summary>
public Saml2Evidence Evidence
{
get { return this.evidence; }
set { this.evidence = value; }
}
/// <summary>
/// Gets or sets a URI reference identifying the resource to which access
/// authorization is sought. [Saml2Core, 2.7.4]
/// </summary>
/// <remarks>
/// In addition to any absolute URI, the Resource may also be the
/// empty URI reference, and the meaning is defined to be "the start
/// of the current document". [Saml2Core, 2.7.4]
/// </remarks>
public Uri Resource
{
get
{
return this.resource;
}
set
{
if (null == value)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgumentNull("value");
}
if (!(value.IsAbsoluteUri || value.Equals(EmptyResource)))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument("value", SR.GetString(SR.ID4121));
}
this.resource = value;
}
}
}
}
|
