Package org.apereo.cas.services

Class DefaultRegisteredServiceAccessStrategy

java.lang.Object
org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
All Implemented Interfaces:
Serializable, org.apereo.cas.services.RegisteredServiceAccessStrategy, org.springframework.core.Ordered
public class DefaultRegisteredServiceAccessStrategy extends BaseRegisteredServiceAccessStrategy
This is DefaultRegisteredServiceAccessStrategy that allows the following rules:
  • A service may be disallowed to use CAS for authentication
  • A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
  • A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
Since:
4.1
See Also:

  • Field Details

    • order

      protected int order
      The sorting/execution order of this strategy.

    • enabled

      protected boolean enabled
      Is the service allowed at all?

    • ssoEnabled

      protected boolean ssoEnabled
      Is the service allowed to use SSO?

    • unauthorizedRedirectUrl

      protected URI unauthorizedRedirectUrl
      The Unauthorized redirect url.

    • delegatedAuthenticationPolicy

      protected org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthenticationPolicy
      The delegated authn policy.

    • requireAllAttributes

      protected boolean requireAllAttributes
      Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.

    • requiredAttributes

      protected Map<String,Set<String>> requiredAttributes
      Collection of required attributes for this service to proceed.

    • rejectedAttributes

      protected Map<String,Set<String>> rejectedAttributes
      Collection of attributes that will be rejected which will cause this policy to refuse access.

    • caseInsensitive

      protected boolean caseInsensitive
      Indicates whether matching on required attribute values should be done in a case-insensitive manner.

    • activationCriteria

      protected org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria activationCriteria

  • Constructor Details

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy()

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(Map<String,Set<String>> requiredAttributes, Map<String,Set<String>> rejectedAttributes)

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(Map<String,Set<String>> requiredAttributes)

  • Method Details

    • postLoad

      public void postLoad()
      Post load.

    • isServiceAccessAllowed

      public boolean isServiceAccessAllowed()

    • isServiceAccessAllowedForSso

      public boolean isServiceAccessAllowedForSso()

    • doPrincipalAttributesAllowServiceAccess

      public boolean doPrincipalAttributesAllowServiceAccess(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request)

    • getRequiredAttributes

      public Map<String,Set<String>> getRequiredAttributes()
      Expose underlying attributes for auditing purposes.
      Returns:
      required attributes