Interface CentralAuthenticationService
public interface CentralAuthenticationService
CAS viewed as a set of services to generate and validate Tickets. This is the interface between a Web HTML, Web Services, RMI, or any other request processing layer and the CAS Service viewed as a mechanism to generate, store, validate, and retrieve Tickets containing Authentication information. The features of the request processing layer (the HttpXXX Servlet objects) are not visible here or in any modules behind this layer. In theory, a standalone application could call these methods directly as a private authentication service.
- Since:
3.0.0
Field Summary
Modifier and Type | Field | Description
static java.lang.String | NAMESPACE | CAS namespace.
Method Summary
Modifier and Type | Method | Description
org.apereo.cas.ticket.Ticket | addTicket(org.apereo.cas.ticket.Ticket ticket) | Add the ticket instance in the underlying storage mechanism.
org.apereo.cas.ticket.proxy.ProxyGrantingTicket | createProxyGrantingTicket(java.lang.String serviceTicketId, org.apereo.cas.authentication.AuthenticationResult authenticationResult) | Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
org.apereo.cas.ticket.TicketGrantingTicket | createTicketGrantingTicket(org.apereo.cas.authentication.AuthenticationResult authenticationResult) | Create a TicketGrantingTicket by authenticating credentials.
int | deleteTicket(java.lang.String ticketId) | Attempts to delete a ticket from the underlying store and is allowed to run any amount of processing on the ticket and the removal operation before invoking it.
default void | deleteTicket(org.apereo.cas.ticket.Ticket ticket) | Attempts to delete a ticket from the underlying store and is allowed to run any amount of processing on the ticket and the removal operation before invoking it.
org.apereo.cas.ticket.Ticket | getTicket(java.lang.String ticketId) | Obtains the given ticket by its id and returns the CAS-representative object.
<T extends org.apereo.cas.ticket.Ticket> T | getTicket(java.lang.String ticketId, java.lang.Class<T> clazz) | Obtains the given ticket by its id and type and returns the CAS-representative object.
java.util.Collection<org.apereo.cas.ticket.Ticket> | getTickets(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate) | Retrieve a collection of tickets from the underlying ticket registry.
org.apereo.cas.ticket.proxy.ProxyTicket | grantProxyTicket(java.lang.String proxyGrantingTicket, org.apereo.cas.authentication.principal.Service service) | Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials.
org.apereo.cas.ticket.ServiceTicket | grantServiceTicket(java.lang.String ticketGrantingTicketId, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.authentication.AuthenticationResult authenticationResult) | Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials.
org.apereo.cas.ticket.Ticket | updateTicket(org.apereo.cas.ticket.Ticket ticket) | Updates the ticket instance in the underlying storage mechanism.
org.apereo.cas.validation.Assertion | validateServiceTicket(java.lang.String serviceTicketId, org.apereo.cas.authentication.principal.Service service) | Validate a ServiceTicket for a particular Service.
Method Detail
createTicketGrantingTicket
org.apereo.cas.ticket.TicketGrantingTicket createTicketGrantingTicket(org.apereo.cas.authentication.AuthenticationResult authenticationResult) throws org.apereo.cas.authentication.AuthenticationException, org.apereo.cas.ticket.AbstractTicketException
Create a TicketGrantingTicket by authenticating credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
- Parameters:
authenticationResult - the current authentication result in order to create the ticket.
- Returns:
Non-null ticket-granting ticket identifier.
- Throws:
org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
org.apereo.cas.ticket.AbstractTicketException - if ticket cannot be created
updateTicket
org.apereo.cas.ticket.Ticket updateTicket(org.apereo.cas.ticket.Ticket ticket)
Updates the ticket instance in the underlying storage mechanism. The properties of a given ticket, such as its authentication attributes, may have changed during various legs of the authentication flow.
- Parameters:
ticket - the ticket
- Returns:
the updated ticket
- Since:
5.0.0
addTicket
org.apereo.cas.ticket.Ticket addTicket(org.apereo.cas.ticket.Ticket ticket)
Add the ticket instance in the underlying storage mechanism.
- Parameters:
ticket - the ticket
- Returns:
the updated ticket
- Since:
6.2.0
getTicket
org.apereo.cas.ticket.Ticket getTicket(java.lang.String ticketId) throws org.apereo.cas.ticket.InvalidTicketException
Obtains the given ticket by its id and returns the CAS-representative object. Implementations need to check for the validity of the ticket by making sure it exists and has not expired yet, etc. This method is specifically designed to remove the need to access the ticket registry.
- Parameters:
ticketId - the ticket granting ticket id
- Returns:
the ticket object
- Throws:
org.apereo.cas.ticket.InvalidTicketException - the invalid ticket exception
- Since:
5.0.0
getTicket
<T extends org.apereo.cas.ticket.Ticket> T getTicket(java.lang.String ticketId, java.lang.Class<T> clazz) throws org.apereo.cas.ticket.InvalidTicketException
Obtains the given ticket by its id and type and returns the CAS-representative object. Implementations need to check for the validity of the ticket by making sure it exists and has not expired yet, etc. This method is specifically designed to remove the need to access the ticket registry.
- Type Parameters:
T - the generic ticket type to return that extends Ticket
- Parameters:
ticketId - the ticket granting ticket id
clazz - the ticket type that is requested to be found
- Returns:
the ticket object
- Throws:
org.apereo.cas.ticket.InvalidTicketException - the invalid ticket exception
- Since:
4.1.0
deleteTicket
int deleteTicket(java.lang.String ticketId)
Attempts to delete a ticket from the underlying store and is allowed to run any amount of processing on the ticket and the removal operation before invoking it. The ticket id can be associated with any ticket type that is valid and understood by CAS and the underlying ticket store; however, some special cases require that you invoke the appropriate operation when destroying tickets.
- Parameters:
ticketId - the ticket id
- Returns:
count of deleted tickets
deleteTicket
default void deleteTicket(org.apereo.cas.ticket.Ticket ticket)
Attempts to delete a ticket from the underlying store and is allowed to run any amount of processing on the ticket and the removal operation before invoking it. The ticket id can be associated with any ticket type that is valid and understood by CAS and the underlying ticket store.
- Parameters:
ticket - the ticket id
getTickets
java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
Retrieve a collection of tickets from the underlying ticket registry. The retrieval operation must pass the predicate check that is solely used to filter the collection of tickets received. Implementations can use the predicate to request a collection of expired tickets, or tickets whose id matches a certain pattern, etc. The resulting collection will include tickets that have been evaluated by the predicate.
- Parameters:
predicate - the predicate
- Returns:
the tickets
- Since:
4.1.0
grantServiceTicket
org.apereo.cas.ticket.ServiceTicket grantServiceTicket(java.lang.String ticketGrantingTicketId, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.authentication.AuthenticationResult authenticationResult) throws org.apereo.cas.authentication.AuthenticationException, org.apereo.cas.ticket.AbstractTicketException
Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.
- Parameters:
ticketGrantingTicketId - Proof of prior authentication.
service - The target service of the ServiceTicket.
authenticationResult - The authentication context established if credentials provided
- Returns:
Non-null service ticket identifier.
- Throws:
org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
org.apereo.cas.ticket.AbstractTicketException - if the ticket could not be created.
grantProxyTicket
org.apereo.cas.ticket.proxy.ProxyTicket grantProxyTicket(java.lang.String proxyGrantingTicket, org.apereo.cas.authentication.principal.Service service) throws org.apereo.cas.ticket.AbstractTicketException
Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.
- Parameters:
proxyGrantingTicket - Proof of prior authentication.
service - The target service of the ServiceTicket.
- Returns:
Non-null service ticket identifier.
- Throws:
org.apereo.cas.ticket.AbstractTicketException - if the ticket could not be created.
validateServiceTicket
org.apereo.cas.validation.Assertion validateServiceTicket(java.lang.String serviceTicketId, org.apereo.cas.authentication.principal.Service service) throws org.apereo.cas.ticket.AbstractTicketException
Validate a ServiceTicket for a particular Service.
- Parameters:
serviceTicketId - Proof of prior authentication.
service - Service wishing to validate a prior authentication.
- Returns:
Non-null ticket validation assertion.
- Throws:
org.apereo.cas.ticket.AbstractTicketException - if there was an error validating the ticket.
createProxyGrantingTicket
org.apereo.cas.ticket.proxy.ProxyGrantingTicket createProxyGrantingTicket(java.lang.String serviceTicketId, org.apereo.cas.authentication.AuthenticationResult authenticationResult) throws org.apereo.cas.authentication.AuthenticationException, org.apereo.cas.ticket.AbstractTicketException
Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
- Parameters:
serviceTicketId - The service ticket identifier that will delegate to a TicketGrantingTicket.
authenticationResult - The current authentication context before this ticket can be granted.
- Returns:
Non-null ticket-granting ticket identifier that can grant ServiceTicket that proxy authentication.
- Throws:
org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
org.apereo.cas.ticket.AbstractTicketException - if there was an error creating the ticket
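The ticket lifecycle these methods describe, as an added example (not code from the CAS project): a caller in the request-processing layer issues a ticket-granting ticket, grants and validates one service ticket against it, and always deletes the ticket-granting ticket afterwards. The class `TicketLifecycleExample` and its method names are hypothetical; the `org.apereo.cas` package of the interface and `Ticket.getId()` are assumed from CAS and are not listed on this page, and the `AuthenticationResult` and `Service` are taken as parameters because building them is outside this interface.

```java
import org.apereo.cas.CentralAuthenticationService; // package assumed, not stated on this page
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.validation.Assertion;

// Hypothetical caller; not part of CAS.
public final class TicketLifecycleExample {
    private final CentralAuthenticationService cas;

    public TicketLifecycleExample(final CentralAuthenticationService cas) {
        this.cas = cas;
    }

    /** Issue a TGT, grant and validate one ST for the service, then destroy the TGT. */
    public Assertion authenticateOnce(final AuthenticationResult result, final Service service)
            throws AuthenticationException, AbstractTicketException {
        final TicketGrantingTicket tgt = cas.createTicketGrantingTicket(result);
        try {
            // The TGT id is the proof of prior authentication. The same result is passed
            // because the resolved principal must match the one the TGT was issued to.
            // getId() is assumed from the CAS Ticket interface.
            final ServiceTicket st = cas.grantServiceTicket(tgt.getId(), service, result);
            // Validate against the same service the ticket was granted for.
            return cas.validateServiceTicket(st.getId(), service);
        } finally {
            // A one-shot flow must not leave a usable TGT in the store, even on failure.
            cas.deleteTicket(tgt.getId());
        }
    }

    /** True if the id still resolves to a ticket the implementation considers valid. */
    public boolean isLive(final String ticketId) {
        try {
            // getTicket is documented to check existence and expiry itself.
            return cas.getTicket(ticketId) != null;
        } catch (final InvalidTicketException e) {
            return false;
        }
    }
}
```

Calling `isLive` with the ticket-granting ticket id after `authenticateOnce` returns is a quick check that the cleanup in the `finally` block took effect in the underlying store.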