Package org.apereo.cas.services
Class DefaultRegisteredServiceAccessStrategy
java.lang.Object
org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
- All Implemented Interfaces:
Serializable
,org.apereo.cas.services.RegisteredServiceAccessStrategy
,org.springframework.core.Ordered
This is
DefaultRegisteredServiceAccessStrategy
that allows the following rules:
- A service may be disallowed to use CAS for authentication
- A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
- A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
- Since:
- 4.1
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionprotected org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria
protected boolean
Indicates whether matching on required attribute values should be done in a case-insensitive manner.protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy
The delegated authn policy.protected boolean
Is the service allowed at all?protected int
The sorting/execution order of this strategy.Collection of attributes that will be rejected which will cause this policy to refuse access.protected boolean
Defines the attribute aggregation behavior when checking for required attributes.Collection of required attributes for this service to proceed.protected boolean
Is the service allowed to use SSO?protected URI
The Unauthorized redirect url.Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE
-
Constructor Summary
ConstructorDescriptionDefaultRegisteredServiceAccessStrategy
(boolean enabled, boolean ssoEnabled) DefaultRegisteredServiceAccessStrategy
(Map<String, Set<String>> requiredAttributes) DefaultRegisteredServiceAccessStrategy
(Map<String, Set<String>> requiredAttributes, Map<String, Set<String>> rejectedAttributes) -
Method Summary
Modifier and TypeMethodDescriptionboolean
doPrincipalAttributesAllowServiceAccess
(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request) Expose underlying attributes for auditing purposes.boolean
boolean
void
postLoad()
Post load.Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.apereo.cas.services.RegisteredServiceAccessStrategy
getDelegatedAuthenticationPolicy, getOrder, getUnauthorizedRedirectUrl
-
Field Details
-
order
protected int orderThe sorting/execution order of this strategy. -
enabled
protected boolean enabledIs the service allowed at all? -
ssoEnabled
protected boolean ssoEnabledIs the service allowed to use SSO? -
unauthorizedRedirectUrl
The Unauthorized redirect url. -
delegatedAuthenticationPolicy
protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicyThe delegated authn policy. -
requireAllAttributes
protected boolean requireAllAttributesDefines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's. -
requiredAttributes
Collection of required attributes for this service to proceed. -
rejectedAttributes
Collection of attributes that will be rejected which will cause this policy to refuse access. -
caseInsensitive
protected boolean caseInsensitiveIndicates whether matching on required attribute values should be done in a case-insensitive manner. -
activationCriteria
protected org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria activationCriteria
-
-
Constructor Details
-
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy() -
DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled) -
DefaultRegisteredServiceAccessStrategy
-
DefaultRegisteredServiceAccessStrategy
-
-
Method Details
-
postLoad
public void postLoad()Post load. -
getRequiredAttributes
Expose underlying attributes for auditing purposes.- Returns:
- required attributes
-
isServiceAccessAllowedForSso
public boolean isServiceAccessAllowedForSso() -
isServiceAccessAllowed
public boolean isServiceAccessAllowed() -
doPrincipalAttributesAllowServiceAccess
public boolean doPrincipalAttributesAllowServiceAccess(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request)
-