Package org.apereo.cas.services
Class DefaultRegisteredServiceAccessStrategy
java.lang.Object
org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
- All Implemented Interfaces:
  Serializable, org.apereo.cas.services.RegisteredServiceAccessStrategy, org.springframework.core.Ordered

This is the DefaultRegisteredServiceAccessStrategy, which supports the following rules:
- A service may be disallowed from using CAS for authentication.
- A service may be disallowed from taking part in CAS single sign-on, so that presentation of credentials is always required.
- A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
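
The three rules above map onto the constructor arguments and fluent setters listed further down this page. The following is an added example, not code from the CAS project: it builds a restrictive policy and then reads a policy back through its getters to flag settings that widen access. The class name AccessStrategyExample, the review helper, the attribute names and values, and the URL are hypothetical, and the CAS services API is assumed to be on the classpath.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;

// Added example, not CAS project code. Attribute names/values and the URL are constructed.
public class AccessStrategyExample {

    // Service may use CAS, does not take part in SSO, and is gated on principal attributes.
    static DefaultRegisteredServiceAccessStrategy restrictedPolicy() {
        return new DefaultRegisteredServiceAccessStrategy(true, false)
            .setRequiredAttributes(Map.of(
                "memberOf", Set.of("finance-admins"),
                "mfaEnrolled", Set.of("true")))
            .setRequireAllAttributes(true)   // every required attribute must be present and match
            .setRejectedAttributes(Map.of("accountStatus", Set.of("suspended")))
            .setCaseInsensitive(false)
            .setUnauthorizedRedirectUrl(URI.create("https://sso.example.org/denied"));
    }

    // Hypothetical review helper: lists the settings of a policy that widen access,
    // for use when auditing entries in a service registry.
    static List<String> review(DefaultRegisteredServiceAccessStrategy s) {
        List<String> findings = new ArrayList<>();
        if (!s.isEnabled()) {
            return findings; // the service cannot use CAS at all
        }
        Map<String, Set<String>> required = s.getRequiredAttributes();
        if (required == null || required.isEmpty()) {
            findings.add("no required attributes: access is not gated on principal attributes");
        } else if (!s.isRequireAllAttributes() && required.size() > 1) {
            findings.add("requireAllAttributes=false: not every required attribute has to match");
        }
        if (s.isCaseInsensitive()) {
            findings.add("caseInsensitive=true: required values match regardless of case");
        }
        if (s.isSsoEnabled()) {
            findings.add("ssoEnabled=true: an existing SSO session is accepted without new credentials");
        }
        return findings;
    }

    public static void main(String[] args) {
        System.out.println(review(restrictedPolicy()));
        System.out.println(review(new DefaultRegisteredServiceAccessStrategy()));
    }
}
```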
- Since: 4.1
Field Summary
Fields inherited from interface org.springframework.core.Ordered
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE

Constructor Summary
Constructor
DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)
DefaultRegisteredServiceAccessStrategy(Map<String, Set<String>> requiredAttributes)
DefaultRegisteredServiceAccessStrategy(Map<String, Set<String>> requiredAttributes, Map<String, Set<String>> rejectedAttributes)

Method Summary
Modifier and Type, Method, Description
boolean authorizeRequest(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request)
boolean equals(Object o)
org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria getActivationCriteria()
int getOrder()
  The sorting/execution order of this strategy.
Map<String, Set<String>> getRejectedAttributes()
  Collection of attributes that will be rejected which will cause this policy to refuse access.
Map<String, Set<String>> getRequiredAttributes()
  Expose underlying attributes for auditing purposes.
URI getUnauthorizedRedirectUrl()
  The Unauthorized redirect url.
int hashCode()
boolean isCaseInsensitive()
  Indicates whether matching on required attribute values should be done in a case-insensitive manner.
boolean isEnabled()
  Is the service allowed at all?
boolean isRequireAllAttributes()
  Defines the attribute aggregation behavior when checking for required attributes.
boolean isServiceAccessAllowed(org.apereo.cas.services.RegisteredService registeredService, org.apereo.cas.authentication.principal.Service service)
boolean isServiceAccessAllowedForSso(org.apereo.cas.services.RegisteredService registeredService)
boolean isSsoEnabled()
  Is the service allowed to use SSO?
void postLoad()
  Post load.
DefaultRegisteredServiceAccessStrategy setActivationCriteria(org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria activationCriteria)
DefaultRegisteredServiceAccessStrategy setCaseInsensitive(boolean caseInsensitive)
  Indicates whether matching on required attribute values should be done in a case-insensitive manner.
DefaultRegisteredServiceAccessStrategy setEnabled(boolean enabled)
  Is the service allowed at all?
DefaultRegisteredServiceAccessStrategy setOrder(int order)
  The sorting/execution order of this strategy.
DefaultRegisteredServiceAccessStrategy setRejectedAttributes(Map<String, Set<String>> rejectedAttributes)
  Collection of attributes that will be rejected which will cause this policy to refuse access.
DefaultRegisteredServiceAccessStrategy setRequireAllAttributes(boolean requireAllAttributes)
  Defines the attribute aggregation behavior when checking for required attributes.
DefaultRegisteredServiceAccessStrategy setRequiredAttributes(Map<String, Set<String>> requiredAttributes)
  Collection of required attributes for this service to proceed.
DefaultRegisteredServiceAccessStrategy setSsoEnabled(boolean ssoEnabled)
  Is the service allowed to use SSO?
DefaultRegisteredServiceAccessStrategy setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl)
  The Unauthorized redirect url.
String toString()

Methods inherited from class org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
getDelegatedAuthenticationPolicy, setDelegatedAuthenticationPolicy
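
Constructor Details

DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy()

DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)

DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(Map<String, Set<String>> requiredAttributes)

DefaultRegisteredServiceAccessStrategy
public DefaultRegisteredServiceAccessStrategy(Map<String, Set<String>> requiredAttributes, Map<String, Set<String>> rejectedAttributes)
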
Method Details

postLoad
public void postLoad()
Post load.

isServiceAccessAllowed
public boolean isServiceAccessAllowed(org.apereo.cas.services.RegisteredService registeredService, org.apereo.cas.authentication.principal.Service service)

isServiceAccessAllowedForSso
public boolean isServiceAccessAllowedForSso(org.apereo.cas.services.RegisteredService registeredService)

authorizeRequest
public boolean authorizeRequest(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request) throws Throwable
- Throws: Throwable

getRequiredAttributes
public Map<String, Set<String>> getRequiredAttributes()
Expose underlying attributes for auditing purposes.
- Returns: required attributes

toString
public String toString()
- Overrides: toString in class BaseRegisteredServiceAccessStrategy

getOrder
public int getOrder()
The sorting/execution order of this strategy.

isEnabled
public boolean isEnabled()
Is the service allowed at all?

isSsoEnabled
public boolean isSsoEnabled()
Is the service allowed to use SSO?

getUnauthorizedRedirectUrl
public URI getUnauthorizedRedirectUrl()
The Unauthorized redirect url.

isRequireAllAttributes
public boolean isRequireAllAttributes()
Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.

getRejectedAttributes
public Map<String, Set<String>> getRejectedAttributes()
Collection of attributes that will be rejected which will cause this policy to refuse access.

isCaseInsensitive
public boolean isCaseInsensitive()
Indicates whether matching on required attribute values should be done in a case-insensitive manner.

getActivationCriteria
public org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria getActivationCriteria()

equals
public boolean equals(Object o)
- Overrides: equals in class BaseRegisteredServiceAccessStrategy

hashCode
public int hashCode()
- Overrides: hashCode in class BaseRegisteredServiceAccessStrategy

setOrder
public DefaultRegisteredServiceAccessStrategy setOrder(int order)
The sorting/execution order of this strategy.
- Returns: this.

setEnabled
public DefaultRegisteredServiceAccessStrategy setEnabled(boolean enabled)
Is the service allowed at all?
- Returns: this.

setSsoEnabled
public DefaultRegisteredServiceAccessStrategy setSsoEnabled(boolean ssoEnabled)
Is the service allowed to use SSO?
- Returns: this.

setUnauthorizedRedirectUrl
public DefaultRegisteredServiceAccessStrategy setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl)
The Unauthorized redirect url.
- Returns: this.

setRequireAllAttributes
public DefaultRegisteredServiceAccessStrategy setRequireAllAttributes(boolean requireAllAttributes)
Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.
- Returns: this.

setRequiredAttributes
public DefaultRegisteredServiceAccessStrategy setRequiredAttributes(Map<String, Set<String>> requiredAttributes)
Collection of required attributes for this service to proceed.
- Returns: this.

setRejectedAttributes
public DefaultRegisteredServiceAccessStrategy setRejectedAttributes(Map<String, Set<String>> rejectedAttributes)
Collection of attributes that will be rejected which will cause this policy to refuse access.
- Returns: this.

setCaseInsensitive
public DefaultRegisteredServiceAccessStrategy setCaseInsensitive(boolean caseInsensitive)
Indicates whether matching on required attribute values should be done in a case-insensitive manner.
- Returns: this.

setActivationCriteria
public DefaultRegisteredServiceAccessStrategy setActivationCriteria(org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria activationCriteria)
- Returns: this.