Package org.apereo.cas.services
Class DefaultRegisteredServiceAccessStrategy
- java.lang.Object
  - org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
- All Implemented Interfaces: java.io.Serializable, org.apereo.cas.services.RegisteredServiceAccessStrategy, org.springframework.core.Ordered
- Direct Known Subclasses: RemoteEndpointServiceAccessStrategy, TimeBasedRegisteredServiceAccessStrategy
public class DefaultRegisteredServiceAccessStrategy extends java.lang.Object implements org.apereo.cas.services.RegisteredServiceAccessStrategy
This is DefaultRegisteredServiceAccessStrategy, which allows the following rules:
- A service may be disallowed from using CAS for authentication.
- A service may be disallowed from taking part in CAS single sign-on, such that presentation of credentials would always be required.
- A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
Since: 4.1
See Also: Serialized Form
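An added example, not code from the CAS project or from this page: it builds a strategy with the two-map constructor documented on this page and evaluates three constructed principals through doPrincipalAttributesAllowServiceAccess. The class name AccessStrategyCheck, the helper attrs, and all attribute names and values are assumptions for illustration; the CAS services API must be on the classpath.

```java
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Hypothetical harness class; requires the CAS services API on the classpath.
public class AccessStrategyCheck {

    // Hypothetical helper: builds a constructed principal attribute map
    // from alternating key/value arguments.
    private static Map<String, Object> attrs(String... keyValues) {
        Map<String, Object> m = new HashMap<>();
        for (int i = 0; i + 1 < keyValues.length; i += 2) {
            m.put(keyValues[i], Arrays.asList(keyValues[i + 1]));
        }
        return m;
    }

    public static void main(String[] args) {
        // Constructed policy: memberOf=staff is required,
        // accountStatus=suspended is rejected.
        Map<String, Set<String>> required = new HashMap<>();
        required.put("memberOf", Collections.singleton("staff"));
        Map<String, Set<String>> rejected = new HashMap<>();
        rejected.put("accountStatus", Collections.singleton("suspended"));

        DefaultRegisteredServiceAccessStrategy strategy =
            new DefaultRegisteredServiceAccessStrategy(required, rejected);

        // Constructed principals: one carrying the required value, one also
        // carrying a rejected value, one lacking the required value.
        Map<String, Map<String, Object>> principals = new LinkedHashMap<>();
        principals.put("alice", attrs("memberOf", "staff"));
        principals.put("bob", attrs("memberOf", "staff", "accountStatus", "suspended"));
        principals.put("carol", attrs("memberOf", "students"));

        // Service-level switches (first two rules of the class description).
        System.out.println("service allowed: " + strategy.isServiceAccessAllowed());
        System.out.println("sso allowed: " + strategy.isServiceAccessAllowedForSso());

        // Attribute gate (third rule): evaluated per principal.
        principals.forEach((id, a) -> System.out.println(
            id + " -> " + strategy.doPrincipalAttributesAllowServiceAccess(id, a)));
    }
}
```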
Field Summary
Fields (Modifier and Type, Field: Description)
- protected boolean caseInsensitive: Indicates whether matching on required attribute values should be done in a case-insensitive manner.
- protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy: The delegated authn policy.
- protected boolean enabled: Is the service allowed at all?
- protected int order: The sorting/execution order of this strategy.
- protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes: Collection of attributes that will be rejected which will cause this policy to refuse access.
- protected boolean requireAllAttributes: Defines the attribute aggregation behavior when checking for required attributes.
- protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes: Collection of required attributes for this service to proceed.
- protected boolean ssoEnabled: Is the service allowed to use SSO?
- protected java.net.URI unauthorizedRedirectUrl: The Unauthorized redirect url.
-
Constructor Summary
Constructors (Constructor: Description)
- DefaultRegisteredServiceAccessStrategy()
- DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)
- DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
- DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)
-
Method Summary
All Methods / Instance Methods / Concrete Methods (Modifier and Type, Method: Description)
- boolean doPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
- protected boolean doRejectedAttributesRefusePrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes): Do rejected attributes refuse principal access boolean.
- protected boolean doRequiredAttributesAllowPrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes): Do required attributes allow principal access boolean.
- protected boolean enoughAttributesAvailableToProcess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes): Enough attributes available to process? Check collection sizes and determine if we have enough data to move on.
- protected boolean enoughRequiredAttributesAvailableToProcess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes): Enough required attributes available to process? Check collection sizes and determine if we have enough data to move on.
- java.util.Map<java.lang.String,java.util.Set<java.lang.String>> getRequiredAttributes(): Expose underlying attributes for auditing purposes.
- boolean isServiceAccessAllowed()
- boolean isServiceAccessAllowedForSso()
- void postLoad(): Post load.
- protected boolean requiredAttributesFoundInMap(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes): Check whether required attributes are found in the given map.
- void setServiceAccessAllowed(boolean value)
Field Detail
-
order
protected int order
The sorting/execution order of this strategy.
-
enabled
protected boolean enabled
Is the service allowed at all?
-
ssoEnabled
protected boolean ssoEnabled
Is the service allowed to use SSO?
-
unauthorizedRedirectUrl
protected java.net.URI unauthorizedRedirectUrl
The Unauthorized redirect url.
-
delegatedAuthenticationPolicy
protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
The delegated authn policy.
-
requireAllAttributes
protected boolean requireAllAttributes
Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.
-
requiredAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes
Collection of required attributes for this service to proceed.
-
rejectedAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes
Collection of attributes that will be rejected which will cause this policy to refuse access.
-
caseInsensitive
protected boolean caseInsensitive
Indicates whether matching on required attribute values should be done in a case-insensitive manner.
-
-
Constructor Detail
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy()
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
-
-
Method Detail
-
postLoad
public void postLoad()
Post load.
-
getRequiredAttributes
public java.util.Map<java.lang.String,java.util.Set<java.lang.String>> getRequiredAttributes()
Expose underlying attributes for auditing purposes.
- Specified by: getRequiredAttributes in interface org.apereo.cas.services.RegisteredServiceAccessStrategy
- Returns: required attributes
-
isServiceAccessAllowedForSso
public boolean isServiceAccessAllowedForSso()
- Specified by: isServiceAccessAllowedForSso in interface org.apereo.cas.services.RegisteredServiceAccessStrategy
-
isServiceAccessAllowed
public boolean isServiceAccessAllowed()
- Specified by: isServiceAccessAllowed in interface org.apereo.cas.services.RegisteredServiceAccessStrategy
-
setServiceAccessAllowed
public void setServiceAccessAllowed(boolean value)
- Specified by: setServiceAccessAllowed in interface org.apereo.cas.services.RegisteredServiceAccessStrategy
-
doPrincipalAttributesAllowServiceAccess
public boolean doPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
- Specified by: doPrincipalAttributesAllowServiceAccess in interface org.apereo.cas.services.RegisteredServiceAccessStrategy
-
doRequiredAttributesAllowPrincipalAccess
protected boolean doRequiredAttributesAllowPrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
Checks whether the required attributes allow access to the principal.
- Parameters:
  - principalAttributes - the principal attributes
  - requiredAttributes - the required attributes
- Returns: true/false
-
doRejectedAttributesRefusePrincipalAccess
protected boolean doRejectedAttributesRefusePrincipalAccess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
Checks whether the rejected attributes refuse access to the principal.
- Parameters:
  - principalAttributes - the principal attributes
- Returns: true/false
-
enoughAttributesAvailableToProcess
protected boolean enoughAttributesAvailableToProcess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
Enough attributes available to process? Check collection sizes and determine if we have enough data to move on.
- Parameters:
  - principal - the principal
  - principalAttributes - the principal attributes
- Returns: true/false
-
enoughRequiredAttributesAvailableToProcess
protected boolean enoughRequiredAttributesAvailableToProcess(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
Enough required attributes available to process? Check collection sizes and determine if we have enough data to move on.
- Parameters:
  - principalAttributes - the principal attributes
  - requiredAttributes - the required attributes
- Returns: true/false
-
requiredAttributesFoundInMap
protected boolean requiredAttributesFoundInMap(java.util.Map<java.lang.String,java.lang.Object> principalAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
Check whether required attributes are found in the given map.
- Parameters:
  - principalAttributes - the principal attributes
  - requiredAttributes - the attributes
- Returns: true/false