Package org.apereo.cas.services
This package is contains classes related to the restriction of CAS usage to a particular set of services. This is accomplished via a combination of registries and interceptors.
The ServiceRegistry, with its default implementation of DefaultServiceRegistry contains the list of RegisteredServices allowed to access CAS. This list is periodically refreshed via the ServiceRegistryReloader.
CAS itself is protected by a group of interceptors found in the subpackage advice.
- Since:
- 3.0
-
Class Summary Class Description AbstractRegisteredService Base class for mutable, persistable registered services.AnonymousRegisteredServiceUsernameAttributeProvider Generates a persistent id as username for anonymous service access.BaseDistributedCacheManager<K extends java.io.Serializable,V extends org.apereo.cas.DistributedCacheObject> This isBaseDistributedCacheManager
.BaseRegisteredServiceUsernameAttributeProvider DefaultRegisteredServiceAccessStrategy This isDefaultRegisteredServiceAccessStrategy
that allows the following rules: A service may be disallowed to use CAS for authentication A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required. A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.DefaultRegisteredServiceContact DefaultRegisteredServiceDelegatedAuthenticationPolicy DefaultRegisteredServiceExpirationPolicy DefaultRegisteredServiceMultifactorPolicy DefaultRegisteredServiceProperty TheDefaultRegisteredServiceProperty
represents a single property associated with a registered service.DefaultRegisteredServiceUsernameProvider Resolves the username for the service to be the default principal id.GroovyRegisteredServiceAccessStrategy GroovyRegisteredServiceMultifactorPolicy GroovyRegisteredServiceUsernameProvider Resolves the username for the service to be the default principal id.NoOpDistributedCacheManager This isNoOpDistributedCacheManager
.PrincipalAttributeRegisteredServiceUsernameProvider Determines the username for this registered service based on a principal attribute.RefuseRegisteredServiceProxyPolicy A proxy policy that disallows proxying.RegexMatchingRegisteredServiceProxyPolicy A proxy policy that only allows proxying to pgt urls that match the specified regex pattern.RegexRegisteredService Mutable registered service that uses Java regular expressions for service matching.RegisteredServiceAccessStrategyAuditableEnforcer RegisteredServiceAccessStrategyUtils This isRegisteredServiceAccessStrategyUtils
that encapsulates common operations relevant to registered service access strategy and authorizations.RegisteredServicePublicKeyImpl Represents a public key for a CAS registered service.RegisteredServicesEventListener This isRegisteredServicesEventListener
.RemoteEndpointServiceAccessStrategy This isRemoteEndpointServiceAccessStrategy
that reaches out to a remote endpoint, passing the CAS principal id to determine if access is allowed.ScriptedRegisteredServiceUsernameProvider TimeBasedRegisteredServiceAccessStrategy TheTimeBasedRegisteredServiceAccessStrategy
is responsible for enforcing CAS authorization strategy based on a configured start/end time.