Package org.apereo.cas.services

Class DefaultRegisteredServiceAccessStrategy

  • All Implemented Interfaces:
    java.io.Serializable, org.apereo.cas.services.RegisteredServiceAccessStrategy, org.springframework.core.Ordered
    public class DefaultRegisteredServiceAccessStrategy
extends BaseRegisteredServiceAccessStrategy
    This is DefaultRegisteredServiceAccessStrategy that allows the following rules:
    • A service may be disallowed to use CAS for authentication
    • A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
    • A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
    Since:
    4.1
    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected boolean caseInsensitive
      Indicates whether matching on required attribute values should be done in a case-insensitive manner.
      protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
      The delegated authn policy.
      protected boolean enabled
      Is the service allowed at all?
      protected int order
      The sorting/execution order of this strategy.
      protected java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> rejectedAttributes
      Collection of attributes that will be rejected which will cause this policy to refuse access.
      protected boolean requireAllAttributes
      Defines the attribute aggregation behavior when checking for required attributes.
      protected java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> requiredAttributes
      Collection of required attributes for this service to proceed.
      protected boolean ssoEnabled
      Is the service allowed to use SSO?
      protected java.net.URI unauthorizedRedirectUrl
      The Unauthorized redirect url.

      • Fields inherited from interface org.springframework.core.Ordered

        HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

    • Field Detail

      • order

        protected int order
        The sorting/execution order of this strategy.

      • enabled

        protected boolean enabled
        Is the service allowed at all?

      • ssoEnabled

        protected boolean ssoEnabled
        Is the service allowed to use SSO?

      • unauthorizedRedirectUrl

        protected java.net.URI unauthorizedRedirectUrl
        The Unauthorized redirect url.

      • delegatedAuthenticationPolicy

        protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
        The delegated authn policy.

      • requireAllAttributes

        protected boolean requireAllAttributes
        Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.

      • requiredAttributes

        protected java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> requiredAttributes
        Collection of required attributes for this service to proceed.

      • rejectedAttributes

        protected java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> rejectedAttributes
        Collection of attributes that will be rejected which will cause this policy to refuse access.

      • caseInsensitive

        protected boolean caseInsensitive
        Indicates whether matching on required attribute values should be done in a case-insensitive manner.

    • Constructor Detail

      • DefaultRegisteredServiceAccessStrategy

        public DefaultRegisteredServiceAccessStrategy()

      • DefaultRegisteredServiceAccessStrategy

        public DefaultRegisteredServiceAccessStrategy​(boolean enabled,
                                              boolean ssoEnabled)

      • DefaultRegisteredServiceAccessStrategy

        public DefaultRegisteredServiceAccessStrategy​(java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> requiredAttributes,
                                              java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> rejectedAttributes)

      • DefaultRegisteredServiceAccessStrategy

        public DefaultRegisteredServiceAccessStrategy​(java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> requiredAttributes)

    • Method Detail

      • postLoad

        public void postLoad()
        Post load.

      • getRequiredAttributes

        public java.util.Map<java.lang.String,​java.util.Set<java.lang.String>> getRequiredAttributes()
        Expose underlying attributes for auditing purposes.
        Returns:
        required attributes

      • isServiceAccessAllowedForSso

        public boolean isServiceAccessAllowedForSso()

      • isServiceAccessAllowed

        public boolean isServiceAccessAllowed()

      • setServiceAccessAllowed

        public void setServiceAccessAllowed​(boolean value)

      • doPrincipalAttributesAllowServiceAccess

        public boolean doPrincipalAttributesAllowServiceAccess​(java.lang.String principal,
                                                       java.util.Map<java.lang.String,​java.lang.Object> principalAttributes)