Package org.apereo.cas.services
Class DefaultRegisteredServiceAccessStrategy
- java.lang.Object
-
- org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
-
- All Implemented Interfaces:
java.io.Serializable,org.apereo.cas.services.RegisteredServiceAccessStrategy,org.springframework.core.Ordered
- Direct Known Subclasses:
RemoteEndpointServiceAccessStrategy,TimeBasedRegisteredServiceAccessStrategy
public class DefaultRegisteredServiceAccessStrategy extends java.lang.Object implements org.apereo.cas.services.RegisteredServiceAccessStrategyThis isDefaultRegisteredServiceAccessStrategythat allows the following rules:- A service may be disallowed to use CAS for authentication
- A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
- A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
- Since:
- 4.1
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description protected booleancaseInsensitiveIndicates whether matching on required attribute values should be done in a case-insensitive manner.protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicydelegatedAuthenticationPolicyThe delegated authn policy.protected booleanenabledIs the service allowed at all?protected intorderThe sorting/execution order of this strategy.protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>>rejectedAttributesCollection of attributes that will be rejected which will cause this policy to refuse access.protected booleanrequireAllAttributesDefines the attribute aggregation behavior when checking for required attributes.protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>>requiredAttributesCollection of required attributes for this service to proceed.protected booleanssoEnabledIs the service allowed to use SSO?protected java.net.URIunauthorizedRedirectUrlThe Unauthorized redirect url.
-
Constructor Summary
Constructors Constructor Description DefaultRegisteredServiceAccessStrategy()Instantiates a new Default registered service authorization strategy.DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)Instantiates a new Default registered service authorization strategy.DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Instantiates a new Default registered service access strategy.DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)Instantiates a new Default registered service access strategy.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleandoPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)protected booleandoRejectedAttributesRefusePrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes)Do rejected attributes refuse principal access boolean.protected booleandoRequiredAttributesAllowPrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Do required attributes allow principal access boolean.protected booleanenoughAttributesAvailableToProcess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)Enough attributes available to process? Check collection sizes and determine if we have enough data to move on.protected booleanenoughRequiredAttributesAvailableToProcess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Enough required attributes available to process? Check collection sizes and determine if we have enough data to move on.java.util.Map<java.lang.String,java.util.Set<java.lang.String>>getRequiredAttributes()Expose underlying attributes for auditing purposes.booleanisServiceAccessAllowed()booleanisServiceAccessAllowedForSso()voidpostLoad()Post load.protected booleanrequiredAttributesFoundInMap(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Check whether required attributes are found in the given map.voidsetServiceAccessAllowed(boolean value)
-
-
-
Field Detail
-
order
protected int order
The sorting/execution order of this strategy.
-
enabled
protected boolean enabled
Is the service allowed at all?
-
ssoEnabled
protected boolean ssoEnabled
Is the service allowed to use SSO?
-
unauthorizedRedirectUrl
protected java.net.URI unauthorizedRedirectUrl
The Unauthorized redirect url.
-
delegatedAuthenticationPolicy
protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
The delegated authn policy.
-
requireAllAttributes
protected boolean requireAllAttributes
Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.
-
requiredAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes
Collection of required attributes for this service to proceed.
-
rejectedAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes
Collection of attributes that will be rejected which will cause this policy to refuse access.
-
caseInsensitive
protected boolean caseInsensitive
Indicates whether matching on required attribute values should be done in a case-insensitive manner.
-
-
Constructor Detail
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy()
Instantiates a new Default registered service authorization strategy. By default, rules indicate that services are both enabled and can participate in SSO.
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)Instantiates a new Default registered service authorization strategy.- Parameters:
enabled- the enabledssoEnabled- the sso enabled
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)Instantiates a new Default registered service access strategy.- Parameters:
requiredAttributes- the required attributesrejectedAttributes- the rejected attributes
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
Instantiates a new Default registered service access strategy.- Parameters:
requiredAttributes- the required attributes
-
-
Method Detail
-
postLoad
public void postLoad()
Post load.
-
getRequiredAttributes
public java.util.Map<java.lang.String,java.util.Set<java.lang.String>> getRequiredAttributes()
Expose underlying attributes for auditing purposes.- Specified by:
getRequiredAttributesin interfaceorg.apereo.cas.services.RegisteredServiceAccessStrategy- Returns:
- required attributes
-
isServiceAccessAllowedForSso
public boolean isServiceAccessAllowedForSso()
- Specified by:
isServiceAccessAllowedForSsoin interfaceorg.apereo.cas.services.RegisteredServiceAccessStrategy
-
isServiceAccessAllowed
public boolean isServiceAccessAllowed()
- Specified by:
isServiceAccessAllowedin interfaceorg.apereo.cas.services.RegisteredServiceAccessStrategy
-
setServiceAccessAllowed
public void setServiceAccessAllowed(boolean value)
- Specified by:
setServiceAccessAllowedin interfaceorg.apereo.cas.services.RegisteredServiceAccessStrategy
-
doPrincipalAttributesAllowServiceAccess
public boolean doPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)- Specified by:
doPrincipalAttributesAllowServiceAccessin interfaceorg.apereo.cas.services.RegisteredServiceAccessStrategy
-
doRequiredAttributesAllowPrincipalAccess
protected boolean doRequiredAttributesAllowPrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Do required attributes allow principal access boolean.- Parameters:
principalAttributes- the principal attributesrequiredAttributes- the required attributes- Returns:
- the boolean
-
doRejectedAttributesRefusePrincipalAccess
protected boolean doRejectedAttributesRefusePrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
Do rejected attributes refuse principal access boolean.- Parameters:
principalAttributes- the principal attributes- Returns:
- the boolean
-
enoughAttributesAvailableToProcess
protected boolean enoughAttributesAvailableToProcess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)Enough attributes available to process? Check collection sizes and determine if we have enough data to move on.- Parameters:
principal- the principalprincipalAttributes- the principal attributes- Returns:
- true /false
-
enoughRequiredAttributesAvailableToProcess
protected boolean enoughRequiredAttributesAvailableToProcess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Enough required attributes available to process? Check collection sizes and determine if we have enough data to move on.- Parameters:
principalAttributes- the principal attributesrequiredAttributes- the required attributes- Returns:
- true /false
-
requiredAttributesFoundInMap
protected boolean requiredAttributesFoundInMap(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)Check whether required attributes are found in the given map.- Parameters:
principalAttributes- the principal attributesrequiredAttributes- the attributes- Returns:
- the boolean
-
-