@Transactional(transactionManager="ticketTransactionManager")
public class DefaultCentralAuthenticationService extends AbstractCentralAuthenticationService

CentralAuthenticationService, and also the central, organizing component of CAS' internal implementation.
This class is threadsafe.

Fields inherited from class AbstractCentralAuthenticationService: applicationEventPublisher, authenticationRequestServiceSelectionStrategies, cipherExecutor, logoutManager, principalFactory, serviceContextAuthenticationPolicyFactory, servicesManager, ticketFactory, ticketRegistry

Constructor and Description |
---|
DefaultCentralAuthenticationService(TicketRegistry ticketRegistry, TicketFactory ticketFactory, ServicesManager servicesManager, LogoutManager logoutManager, AuthenticationServiceSelectionPlan selectionStrategies, ContextualAuthenticationPolicyFactory<ServiceContext> authenticationPolicyFactory, PrincipalFactory principalFactory, CipherExecutor<java.lang.String,java.lang.String> cipherExecutor) Build the central authentication service implementation. |

Modifier and Type | Method and Description |
---|---|
ProxyGrantingTicket | createProxyGrantingTicket(java.lang.String serviceTicketId, AuthenticationResult authenticationResult) Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services. |
TicketGrantingTicket | createTicketGrantingTicket(AuthenticationResult authenticationResult) Create a TicketGrantingTicket by authenticating credentials. |
java.util.List<LogoutRequest> | destroyTicketGrantingTicket(java.lang.String ticketGrantingTicketId) Destroy a TicketGrantingTicket and perform back channel logout. |
ProxyTicket | grantProxyTicket(java.lang.String proxyGrantingTicket, Service service) Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials. |
ServiceTicket | grantServiceTicket(java.lang.String ticketGrantingTicketId, Service service, AuthenticationResult authenticationResult) Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials. |
Assertion | validateServiceTicket(java.lang.String serviceTicketId, Service service) Validate a ServiceTicket for a particular Service. |

Methods inherited from class AbstractCentralAuthenticationService: deleteTicket, doPublishEvent, evaluateProxiedServiceIfNeeded, getAuthenticationSatisfiedByPolicy, getTicket, getTicket, getTickets, isTicketAuthenticityVerified, resolveServiceFromAuthenticationRequest, setApplicationEventPublisher, updateTicket, verifyTicketState

public DefaultCentralAuthenticationService(TicketRegistry ticketRegistry,
    TicketFactory ticketFactory,
    ServicesManager servicesManager,
    LogoutManager logoutManager,
    AuthenticationServiceSelectionPlan selectionStrategies,
    ContextualAuthenticationPolicyFactory<ServiceContext> authenticationPolicyFactory,
    PrincipalFactory principalFactory,
    CipherExecutor<java.lang.String,java.lang.String> cipherExecutor)

Parameters:
ticketRegistry - the tickets registry.
ticketFactory - the ticket factory.
servicesManager - the services manager.
logoutManager - the logout manager.
selectionStrategies - the service selection strategy during validation events.
authenticationPolicyFactory - authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.
principalFactory - principal factory to create principal objects.
cipherExecutor - cipher executor to handle ticket validation.

@Timed(name="DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name="DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name="DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
public java.util.List<LogoutRequest> destroyTicketGrantingTicket(java.lang.String ticketGrantingTicketId)
Specified by: CentralAuthenticationService

Throws IllegalArgumentException if the TicketGrantingTicket ID is null.

Parameters:
ticketGrantingTicketId - the id of the ticket we want to destroy.

@Timed(name="GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
public ServiceTicket grantServiceTicket(java.lang.String ticketGrantingTicketId, Service service, AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException
Specified by: CentralAuthenticationService

Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials.
The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

Parameters:
ticketGrantingTicketId - Proof of prior authentication.
service - The target service of the ServiceTicket.
authenticationResult - The authentication context established if credentials are provided.

Throws:
AuthenticationException - on errors authenticating the credentials.
AbstractTicketException - if the ticket could not be created.

@Timed(name="GRANT_PROXY_TICKET_TIMER")
@Metered(name="GRANT_PROXY_TICKET_METER")
@Counted(name="GRANT_PROXY_TICKET_COUNTER", monotonic=true)
public ProxyTicket grantProxyTicket(java.lang.String proxyGrantingTicket, Service service) throws AbstractTicketException
Specified by: CentralAuthenticationService

Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials.
The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

Parameters:
proxyGrantingTicket - Proof of prior authentication.
service - The target service of the ServiceTicket.

Throws:
AbstractTicketException - if the ticket could not be created.

@Timed(name="CREATE_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="CREATE_PROXY_GRANTING_TICKET_METER")
@Counted(name="CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
public ProxyGrantingTicket createProxyGrantingTicket(java.lang.String serviceTicketId, AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException
Specified by: CentralAuthenticationService

Parameters:
serviceTicketId - The service ticket identifier that will delegate to a TicketGrantingTicket.
authenticationResult - The current authentication context before this ticket can be granted.

ServiceTicket that proxy authentication.

Throws:
AuthenticationException - on errors authenticating the credentials.
AbstractTicketException - if there was an error creating the ticket.

@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
public Assertion validateServiceTicket(java.lang.String serviceTicketId, Service service) throws AbstractTicketException
Specified by: CentralAuthenticationService

Parameters:
serviceTicketId - Proof of prior authentication.
service - Service wishing to validate a prior authentication.

Throws:
AbstractTicketException - if there was an error validating the ticket.

@Timed(name="CREATE_TICKET_GRANTING_TICKET_TIMER")
@Metered(name="CREATE_TICKET_GRANTING_TICKET_METER")
@Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
public TicketGrantingTicket createTicketGrantingTicket(AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException
Specified by: CentralAuthenticationService

Create a TicketGrantingTicket by authenticating credentials.
The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

Parameters:
authenticationResult - the current authentication result in order to create the ticket.

Throws:
AuthenticationException - on errors authenticating the credentials.
AbstractTicketException - if ticket cannot be created.
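
The methods documented above chain into one ticket lifecycle. The following is an added example, not code from the CAS project, that walks it end to end as an integration check might: `TicketRoundTrip` and `roundTrip` are hypothetical names, and the import paths and the `getId()` / `getPrimaryAuthentication()` accessors assume the CAS 5.x API and a CAS jar on the classpath.

```java
// Added example. Import paths assume the CAS 5.x package layout.
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.principal.Service;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.TicketGrantingTicket;
import org.apereo.cas.validation.Assertion;

public final class TicketRoundTrip { // hypothetical helper class

    private TicketRoundTrip() {
    }

    /**
     * Runs create -> grant -> validate -> destroy against the given service
     * and returns the principal id found in the validated assertion.
     */
    public static String roundTrip(final CentralAuthenticationService cas,
                                   final AuthenticationResult authn,
                                   final Service service) {
        TicketGrantingTicket tgt = null;
        try {
            // The TGT is the proof of prior authentication for every later call.
            tgt = cas.createTicketGrantingTicket(authn);
            // The same result is passed again: the principal it resolves to
            // must be the one the TGT was issued to.
            final ServiceTicket st = cas.grantServiceTicket(tgt.getId(), service, authn);
            // Validate for the same service the ticket was granted for.
            final Assertion assertion = cas.validateServiceTicket(st.getId(), service);
            return assertion.getPrimaryAuthentication().getPrincipal().getId();
        } catch (final AuthenticationException e) {
            throw new IllegalStateException("credentials were not authenticated", e);
        } catch (final AbstractTicketException e) {
            throw new IllegalStateException("ticket could not be created or validated", e);
        } finally {
            // Destroying the TGT also performs back channel logout.
            if (tgt != null) {
                cas.destroyTicketGrantingTicket(tgt.getId());
            }
        }
    }
}
```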