Package org.apereo.cas.services
package org.apereo.cas.services
This package is contains classes related to the restriction of CAS usage to a particular set of services. This is accomplished via a combination of registries and interceptors.
The ServiceRegistry, with its default implementation of DefaultServiceRegistry contains the list of RegisteredServices allowed to access CAS. This list is periodically refreshed via the ServiceRegistryReloader.
CAS itself is protected by a group of interceptors found in the subpackage advice.
- Since:
- 3.0
-
ClassDescriptionGenerates a persistent id as username for anonymous service access.Base class for mutable, persistable registered services.This is
BaseRegisteredServiceAccessStrategy
.This isBaseWebBasedRegisteredService
.This isCasRegisteredService
.This isDefaultRegisteredServiceAccessStrategy
that allows the following rules: A service may be disallowed to use CAS for authentication A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required. A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.Contact assigned to a service definition.TheDefaultRegisteredServiceProperty
represents a single property associated with a registered service.Resolves the username for the service to be the default principal id.Resolves the username for the service to be the default principal id.This isHttpRequestRegisteredServiceAccessStrategy
that reaches out to a remote endpoint, passing the CAS principal id to determine if access is allowed.This isOpenFGARegisteredServiceAccessStrategy
that reaches out to OpenFGA to check for user access.This isOpenPolicyAgentRegisteredServiceAccessStrategy
that reaches out to OPA to check for user access.Determines the username for this registered service based on a principal attribute.A proxy policy that disallows proxying.A proxy policy that only allows proxying to pgt urls that match the specified regex pattern.Deprecated.This isRegisteredServiceAccessStrategyUtils
that encapsulates common operations relevant to registered service access strategy and authorizations.Represents a public key for a CAS registered service.Interface forDefaultRegisteredServicesEventListener
to allow spring@Async
support to use JDK proxy.This isRemoteEndpointServiceAccessStrategy
that reaches out to a remote endpoint, passing the CAS principal id to determine if access is allowed.A proxy policy that only allows proxying to pgt urls via a REST endpoint.Returns a static value for the username attribute.TheTimeBasedRegisteredServiceAccessStrategy
is responsible for enforcing CAS authorization strategy based on a configured start/end time.
CasRegi