Package org.apereo.cas.services
Class DefaultRegisteredServiceAccessStrategy
- java.lang.Object
-
- org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
-
- org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
-
- All Implemented Interfaces:
java.io.Serializable
,org.apereo.cas.services.RegisteredServiceAccessStrategy
,org.springframework.core.Ordered
public class DefaultRegisteredServiceAccessStrategy extends BaseRegisteredServiceAccessStrategy
This isDefaultRegisteredServiceAccessStrategy
that allows the following rules:- A service may be disallowed to use CAS for authentication
- A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
- A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
- Since:
- 4.1
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description protected boolean
caseInsensitive
Indicates whether matching on required attribute values should be done in a case-insensitive manner.protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy
delegatedAuthenticationPolicy
The delegated authn policy.protected boolean
enabled
Is the service allowed at all?protected int
order
The sorting/execution order of this strategy.protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>>
rejectedAttributes
Collection of attributes that will be rejected which will cause this policy to refuse access.protected boolean
requireAllAttributes
Defines the attribute aggregation behavior when checking for required attributes.protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>>
requiredAttributes
Collection of required attributes for this service to proceed.protected boolean
ssoEnabled
Is the service allowed to use SSO?protected java.net.URI
unauthorizedRedirectUrl
The Unauthorized redirect url.
-
Constructor Summary
Constructors Constructor Description DefaultRegisteredServiceAccessStrategy()
DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)
DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
doPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
java.util.Map<java.lang.String,java.util.Set<java.lang.String>>
getRequiredAttributes()
Expose underlying attributes for auditing purposes.boolean
isServiceAccessAllowed()
boolean
isServiceAccessAllowedForSso()
void
postLoad()
Post load.void
setServiceAccessAllowed(boolean value)
-
-
-
Field Detail
-
order
protected int order
The sorting/execution order of this strategy.
-
enabled
protected boolean enabled
Is the service allowed at all?
-
ssoEnabled
protected boolean ssoEnabled
Is the service allowed to use SSO?
-
unauthorizedRedirectUrl
protected java.net.URI unauthorizedRedirectUrl
The Unauthorized redirect url.
-
delegatedAuthenticationPolicy
protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
The delegated authn policy.
-
requireAllAttributes
protected boolean requireAllAttributes
Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.
-
requiredAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes
Collection of required attributes for this service to proceed.
-
rejectedAttributes
protected java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes
Collection of attributes that will be rejected which will cause this policy to refuse access.
-
caseInsensitive
protected boolean caseInsensitive
Indicates whether matching on required attribute values should be done in a case-insensitive manner.
-
-
Constructor Detail
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy()
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes, java.util.Map<java.lang.String,java.util.Set<java.lang.String>> rejectedAttributes)
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(java.util.Map<java.lang.String,java.util.Set<java.lang.String>> requiredAttributes)
-
-
Method Detail
-
postLoad
public void postLoad()
Post load.
-
getRequiredAttributes
public java.util.Map<java.lang.String,java.util.Set<java.lang.String>> getRequiredAttributes()
Expose underlying attributes for auditing purposes.- Returns:
- required attributes
-
isServiceAccessAllowedForSso
public boolean isServiceAccessAllowedForSso()
-
isServiceAccessAllowed
public boolean isServiceAccessAllowed()
-
setServiceAccessAllowed
public void setServiceAccessAllowed(boolean value)
-
doPrincipalAttributesAllowServiceAccess
public boolean doPrincipalAttributesAllowServiceAccess(java.lang.String principal, java.util.Map<java.lang.String,java.lang.Object> principalAttributes)
-
-