Package org.apereo.cas.services

Class DefaultRegisteredServiceAccessStrategy

java.lang.Object
org.apereo.cas.services.BaseRegisteredServiceAccessStrategy
org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy
All Implemented Interfaces:
Serializable, org.apereo.cas.services.RegisteredServiceAccessStrategy, org.springframework.core.Ordered
public class DefaultRegisteredServiceAccessStrategy extends BaseRegisteredServiceAccessStrategy
This is DefaultRegisteredServiceAccessStrategy that allows the following rules:
  • A service may be disallowed to use CAS for authentication
  • A service may be disallowed to take part in CAS single sign-on such that presentation of credentials would always be required.
  • A service may be prohibited from receiving a service ticket if the existing principal attributes don't contain the required attributes that otherwise grant access to the service.
Since:
4.1
See Also:

  • Constructor Details

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy()

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(boolean enabled, boolean ssoEnabled)

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(Map<String,Set<String>> requiredAttributes, Map<String,Set<String>> rejectedAttributes)

    • DefaultRegisteredServiceAccessStrategy

      public DefaultRegisteredServiceAccessStrategy(Map<String,Set<String>> requiredAttributes)

  • Method Details

    • postLoad

      public void postLoad()
      Post load.

    • isServiceAccessAllowed

      public boolean isServiceAccessAllowed(org.apereo.cas.services.RegisteredService registeredService, org.apereo.cas.authentication.principal.Service service)

    • isServiceAccessAllowedForSso

      public boolean isServiceAccessAllowedForSso(org.apereo.cas.services.RegisteredService registeredService)

    • authorizeRequest

      public boolean authorizeRequest(org.apereo.cas.services.RegisteredServiceAccessStrategyRequest request) throws Throwable
      Throws:
      Throwable

    • getRequiredAttributes

      public Map<String,Set<String>> getRequiredAttributes()
      Expose underlying attributes for auditing purposes.
      Returns:
      required attributes

    • toString

      public String toString()
      Overrides:
      toString in class BaseRegisteredServiceAccessStrategy

    • getOrder

      public int getOrder()
      The sorting/execution order of this strategy.

    • isEnabled

      public boolean isEnabled()
      Is the service allowed at all?

    • isSsoEnabled

      public boolean isSsoEnabled()
      Is the service allowed to use SSO?

    • getUnauthorizedRedirectUrl

      public URI getUnauthorizedRedirectUrl()
      The Unauthorized redirect url.

    • isRequireAllAttributes

      public boolean isRequireAllAttributes()
      Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.

    • getRejectedAttributes

      public Map<String,Set<String>> getRejectedAttributes()
      Collection of attributes that will be rejected which will cause this policy to refuse access.

    • isCaseInsensitive

      public boolean isCaseInsensitive()
      Indicates whether matching on required attribute values should be done in a case-insensitive manner.

    • getActivationCriteria

      public org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria getActivationCriteria()

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class BaseRegisteredServiceAccessStrategy

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class BaseRegisteredServiceAccessStrategy

    • setOrder

      public DefaultRegisteredServiceAccessStrategy setOrder(int order)
      The sorting/execution order of this strategy.
      Returns:
      this.

    • setEnabled

      public DefaultRegisteredServiceAccessStrategy setEnabled(boolean enabled)
      Is the service allowed at all?
      Returns:
      this.

    • setSsoEnabled

      public DefaultRegisteredServiceAccessStrategy setSsoEnabled(boolean ssoEnabled)
      Is the service allowed to use SSO?
      Returns:
      this.

    • setUnauthorizedRedirectUrl

      public DefaultRegisteredServiceAccessStrategy setUnauthorizedRedirectUrl(URI unauthorizedRedirectUrl)
      The Unauthorized redirect url.
      Returns:
      this.

    • setRequireAllAttributes

      public DefaultRegisteredServiceAccessStrategy setRequireAllAttributes(boolean requireAllAttributes)
      Defines the attribute aggregation behavior when checking for required attributes. Default requires that all attributes be present and match the principal's.
      Returns:
      this.

    • setRequiredAttributes

      public DefaultRegisteredServiceAccessStrategy setRequiredAttributes(Map<String,Set<String>> requiredAttributes)
      Collection of required attributes for this service to proceed.
      Returns:
      this.

    • setRejectedAttributes

      public DefaultRegisteredServiceAccessStrategy setRejectedAttributes(Map<String,Set<String>> rejectedAttributes)
      Collection of attributes that will be rejected which will cause this policy to refuse access.
      Returns:
      this.

    • setCaseInsensitive

      public DefaultRegisteredServiceAccessStrategy setCaseInsensitive(boolean caseInsensitive)
      Indicates whether matching on required attribute values should be done in a case-insensitive manner.
      Returns:
      this.

    • setActivationCriteria

      public DefaultRegisteredServiceAccessStrategy setActivationCriteria(org.apereo.cas.services.RegisteredServiceAccessStrategyActivationCriteria activationCriteria)
      Returns:
      this.