Package org.apereo.cas.configuration.model.core.authentication

Class PrincipalAttributesCoreProperties

java.lang.Object
org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties
All Implemented Interfaces:
Serializable
@RequiresModule(name="cas-server-core-authentication", automated=true) public class PrincipalAttributesCoreProperties extends Object implements Serializable
This is PrincipalAttributesCoreProperties.
Since:
6.4.0
See Also:

  • Constructor Details

    • PrincipalAttributesCoreProperties

      public PrincipalAttributesCoreProperties()

  • Method Details

    • getExpirationTime

      public int getExpirationTime()
      Indicates the global cache expiration period, once attributes are fetched from the underlying attribute repository. A zero or negative value indicates that no attribute caching should take place where attributes must always be fetched from the source.

    • getExpirationTimeUnit

      public String getExpirationTimeUnit()
      Expiration caching time unit for attributes.

    • getMaximumCacheSize

      public int getMaximumCacheSize()
      Indicates the global cache size used to store attributes retrieved from the attribute repository.

    • isRecoverExceptions

      public boolean isRecoverExceptions()
      Recover from LDAP exceptions and continue with partial results. Otherwise, die and do not allow to log in.

    • isStopCascadingWhenNoInitialResults

      public boolean isStopCascadingWhenNoInitialResults()
      When aggregation is set to PrincipalAttributesCoreProperties.AggregationStrategyTypes.CASCADE, this setting controls whether subsequent attribute repositories need to be contacted for person attributes, if the first attribute repository's query does not produce any results.

    • getMerger

      public PrincipalAttributesCoreProperties.MergingStrategyTypes getMerger()
      Merging strategies can be used to resolve conflicts when the same attributes are found from multiple sources. A merging strategy is used to handle conflicts for both principal attributes as well as those that are captured by the authentication attempt. Conflicts arise when the multiple attribute sources or repositories produce the same attribute with the same name, or when there are multiple legs in an authentication flow that produce the same attribute as authentication metadata for each leg of the attempt (i.e. when going through MFA flows).

    • getAggregation

      public PrincipalAttributesCoreProperties.AggregationStrategyTypes getAggregation()
      Indicates how the results of multiple attribute repositories should be aggregated together.

    • isRequireAllRepositorySources

      public boolean isRequireAllRepositorySources()
      In the event that multiple attribute repositories are defined, setting this option to true forces all repositories to produce a person object. If any of the repositories fails to produce a person or person attributes, the resolution engine will halt to short-circuit the process, failing to resolve the person altogether.

    • getDefaultAttributesToRelease

      public Set<String> getDefaultAttributesToRelease()
      CAS provides the ability to release a bundle of principal attributes to all services by default. This bundle is not defined on a per-service basis and is always combined with attributes produced by the specific release policy of the service, such that for instance, you can devise rules to always release givenName and cn to every application, and additionally allow other specific principal attributes for only some applications per their attribute release policy.

    • setExpirationTime

      public PrincipalAttributesCoreProperties setExpirationTime(int expirationTime)
      Indicates the global cache expiration period, once attributes are fetched from the underlying attribute repository. A zero or negative value indicates that no attribute caching should take place where attributes must always be fetched from the source.
      Returns:
      this.

    • setExpirationTimeUnit

      public PrincipalAttributesCoreProperties setExpirationTimeUnit(String expirationTimeUnit)
      Expiration caching time unit for attributes.
      Returns:
      this.

    • setMaximumCacheSize

      public PrincipalAttributesCoreProperties setMaximumCacheSize(int maximumCacheSize)
      Indicates the global cache size used to store attributes retrieved from the attribute repository.
      Returns:
      this.

    • setRecoverExceptions

      public PrincipalAttributesCoreProperties setRecoverExceptions(boolean recoverExceptions)
      Recover from LDAP exceptions and continue with partial results. Otherwise, die and do not allow to log in.
      Returns:
      this.

    • setStopCascadingWhenNoInitialResults

      public PrincipalAttributesCoreProperties setStopCascadingWhenNoInitialResults(boolean stopCascadingWhenNoInitialResults)
      When aggregation is set to PrincipalAttributesCoreProperties.AggregationStrategyTypes.CASCADE, this setting controls whether subsequent attribute repositories need to be contacted for person attributes, if the first attribute repository's query does not produce any results.
      Returns:
      this.

    • setMerger

      public PrincipalAttributesCoreProperties setMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes merger)
      Merging strategies can be used to resolve conflicts when the same attributes are found from multiple sources. A merging strategy is used to handle conflicts for both principal attributes as well as those that are captured by the authentication attempt. Conflicts arise when the multiple attribute sources or repositories produce the same attribute with the same name, or when there are multiple legs in an authentication flow that produce the same attribute as authentication metadata for each leg of the attempt (i.e. when going through MFA flows).
      Returns:
      this.

    • setAggregation

      public PrincipalAttributesCoreProperties setAggregation(PrincipalAttributesCoreProperties.AggregationStrategyTypes aggregation)
      Indicates how the results of multiple attribute repositories should be aggregated together.
      Returns:
      this.

    • setRequireAllRepositorySources

      public PrincipalAttributesCoreProperties setRequireAllRepositorySources(boolean requireAllRepositorySources)
      In the event that multiple attribute repositories are defined, setting this option to true forces all repositories to produce a person object. If any of the repositories fails to produce a person or person attributes, the resolution engine will halt to short-circuit the process, failing to resolve the person altogether.
      Returns:
      this.

    • setDefaultAttributesToRelease

      public PrincipalAttributesCoreProperties setDefaultAttributesToRelease(Set<String> defaultAttributesToRelease)
      CAS provides the ability to release a bundle of principal attributes to all services by default. This bundle is not defined on a per-service basis and is always combined with attributes produced by the specific release policy of the service, such that for instance, you can devise rules to always release givenName and cn to every application, and additionally allow other specific principal attributes for only some applications per their attribute release policy.
      Returns:
      this.