See: Description
| Interface | Description |
|---|---|
| MultifactorAuthenticationProvider |
This is
MultifactorAuthenticationProvider
that describes an external authentication entity/provider
matched against a registered service. |
| MultifactorAuthenticationProviderBypass | |
| MultifactorAuthenticationProviderSelector |
This is
MultifactorAuthenticationProviderSelector
that decides how to resolve a single provider from a collection available
to a registered service. |
| RegisteredService |
Interface for a service that can be registered by the Services Management
interface.
|
| RegisteredServiceAccessStrategy |
This is
RegisteredServiceAccessStrategy
that can decide if a service is recognized and authorized to participate
in the CAS protocol flow during authentication/validation events. |
| RegisteredServiceAttributeFilter |
Defines the general contract of the attribute release policy for a registered service.
|
| RegisteredServiceAttributeReleasePolicy |
The release policy that decides how attributes are to be released for a given service.
|
| RegisteredServiceCipherExecutor |
Defines how to encrypt data based on registered service's public key, etc.
|
| RegisteredServiceMultifactorPolicy |
This is
RegisteredServiceMultifactorPolicy that describes how a service
should handle authentication requests. |
| RegisteredServiceProperty |
The
RegisteredServiceProperty defines a single custom
property that is associated with a service. |
| RegisteredServiceProxyPolicy |
Defines the proxying policy for a registered service.
|
| RegisteredServicePublicKey |
Represents a public key for a CAS registered service.
|
| RegisteredServiceUsernameAttributeProvider |
Strategy interface to define what username attribute should
be returned for a given registered service.
|
| ResourceBasedServiceRegistryDao |
This is
ResourceBasedServiceRegistryDao,
which describes operations relevant to a service registry
that is backed by file-system resources. |
| ServiceRegistryDao |
Registry of all RegisteredServices.
|
| ServicesManager |
Manages the storage, retrieval, and matching of Services wishing to use CAS
and services that have been registered with CAS.
|
| Class | Description |
|---|---|
| AbstractMultifactorAuthenticationProvider |
The
AbstractMultifactorAuthenticationProvider is responsible for
as the parent of all providers. |
| AbstractRegisteredService |
Base class for mutable, persistable registered services.
|
| AbstractRegisteredServiceAttributeReleasePolicy |
Abstract release policy for attributes, provides common shared settings such as loggers and attribute filter config.
|
| AbstractResourceBasedServiceRegistryDao | |
| AnonymousRegisteredServiceUsernameAttributeProvider |
Generates a persistent id as username for anonymous service access.
|
| CouchbaseServiceRegistryDao |
This is
CouchbaseServiceRegistryDao. |
| DefaultMultifactorAuthenticationProviderBypass | |
| DefaultRegisteredServiceAccessStrategy |
This is
DefaultRegisteredServiceAccessStrategy
that allows the following rules:
A service may be disallowed to use CAS for authentication
A service may be disallowed to take part in CAS single sign-on such that
presentation of credentials would always be required.
A service may be prohibited from receiving a service ticket
if the existing principal attributes don't contain the required attributes
that otherwise grant access to the service.
|
| DefaultRegisteredServiceMultifactorPolicy | |
| DefaultRegisteredServiceProperty |
The
DefaultRegisteredServiceProperty represents
a single property associated with a registered service. |
| DefaultRegisteredServiceUsernameProvider |
Resolves the username for the service to be the default principal id.
|
| DefaultServicesManagerImpl |
Default implementation of the
ServicesManager interface. |
| DenyAllAttributeReleasePolicy |
A deny rule to refuse all service from receiving attributes, whether default or not.
|
| GroovyScriptAttributeReleasePolicy |
This is
GroovyScriptAttributeReleasePolicy that attempts to release attributes
based on the execution result of an external groovy script. |
| InMemoryServiceRegistryDaoImpl |
Default In Memory Service Registry Dao for test/demonstration purposes.
|
| JpaServiceRegistryDaoImpl |
Implementation of the ServiceRegistryDao based on JPA.
|
| JsonServiceRegistryDao |
Implementation of
ServiceRegistryDao that reads services definition from JSON
configuration file at the Spring Application Context initialization time. |
| MongoServiceRegistryDao |
Implementation of
ServiceRegistryDao that uses a MongoDb repository as the backend
persistence mechanism. |
| OidcRegisteredService |
This is
OidcRegisteredService. |
| PrincipalAttributeRegisteredServiceUsernameProvider |
Determines the username for this registered service based on a principal attribute.
|
| RefuseRegisteredServiceProxyPolicy |
A proxy policy that disallows proxying.
|
| RegexMatchingRegisteredServiceProxyPolicy |
A proxy policy that only allows proxying to pgt urls
that match the specified regex pattern.
|
| RegexRegisteredService |
Mutable registered service that uses Java regular expressions for service matching.
|
| RegisteredServiceAccessStrategyUtils |
This is
RegisteredServiceAccessStrategyUtils that encapsulates common
operations relevant to registered service access strategy and authorizations. |
| RegisteredServicePublicKeyImpl |
Represents a public key for a CAS registered service.
|
| RegisteredServiceYamlSerializer |
This is
RegisteredServiceYamlSerializer. |
| RemoteEndpointServiceAccessStrategy |
This is
RemoteEndpointServiceAccessStrategy that reaches out
to a remote endpoint, passing the CAS principal id to determine if access is allowed. |
| ReturnAllAttributeReleasePolicy |
Return all attributes for the service, regardless of service settings.
|
| ReturnAllowedAttributeReleasePolicy |
Return only the collection of allowed attributes out of what's resolved
for the principal.
|
| ReturnMappedAttributeReleasePolicy |
Return a collection of allowed attributes for the principal, but additionally,
offers the ability to rename attributes on a per-service level.
|
| ServiceContext |
Simple container for holding a service principal and its corresponding registered serivce.
|
| ServiceRegistryInitializer |
Initializes a given service registry data store with available
JSON service definitions if necessary (based on configuration flag).
|
| TimeBasedRegisteredServiceAccessStrategy |
The
TimeBasedRegisteredServiceAccessStrategy is responsible for
enforcing CAS authorization strategy based on a configured start/end time. |
| YamlServiceRegistryDao |
Implementation of
ServiceRegistryDao that reads services definition from YAML
configuration file at the Spring Application Context initialization time. |
| Enum | Description |
|---|---|
| LogoutType |
Enumeration of the logout type.
|
| RegisteredServiceMultifactorPolicy.FailureModes |
The enum Failure modes.
|
| Exception | Description |
|---|---|
| UnauthorizedProxyingException |
Exception thrown when a service attempts to proxy when it is not allowed to.
|
| UnauthorizedServiceException |
Exception that is thrown when an Unauthorized Service attempts to use CAS.
|
| UnauthorizedServiceForPrincipalException |
This is
UnauthorizedServiceForPrincipalException
thrown when an attribute is missing from principal
attribute release policy that would otherwise grant access
to the service that is requesting authentication. |
| UnauthorizedSsoServiceException |
Exception thrown when a service attempts to use SSO when it should not be
allowed to.
|
This package is contains classes related to the restriction of CAS usage to a particular set of services. This is accomplished via a combination of registries and interceptors.
The ServiceRegistry, with its default implementation of DefaultServiceRegistry contains the list of RegisteredServices allowed to access CAS. This list is periodically refreshed via the ServiceRegistryReloader.
CAS itself is protected by a group of interceptors found in the subpackage advice.