Class AbstractCentralAuthenticationService

  • All Implemented Interfaces:
    java.io.Serializable, org.apereo.cas.CentralAuthenticationService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationEventPublisherAware
    Direct Known Subclasses:
    DefaultCentralAuthenticationService

    public abstract class AbstractCentralAuthenticationService
    extends java.lang.Object
    implements org.apereo.cas.CentralAuthenticationService, java.io.Serializable, org.springframework.context.ApplicationEventPublisherAware
    An abstract implementation of the CentralAuthenticationService that provides access to the scaffolding and services that CAS needs, such as the ticket registry, the service registry, etc. The intention is to let extensions easily benefit from these already-configured components without having to duplicate them.
    Since:
    4.2.0
    See Also:
    Serialized Form
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected org.springframework.context.ApplicationEventPublisher applicationEventPublisher
      Application event publisher.
      protected org.apereo.cas.authentication.AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies
      The service selection strategy during validation events.
      protected org.apereo.cas.CipherExecutor<java.lang.String,​java.lang.String> cipherExecutor
      Cipher executor to handle ticket validation.
      protected org.apereo.cas.logout.LogoutManager logoutManager
      The logout manager.
      protected org.apereo.cas.authentication.principal.PrincipalFactory principalFactory
      Factory to create the principal type.
      protected org.apereo.cas.audit.AuditableExecution registeredServiceAccessStrategyEnforcer
      Enforce registered service access in an auditable way since the access strategy is not usually managed as a Spring bean.
      protected org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory<org.apereo.cas.services.ServiceContext> serviceContextAuthenticationPolicyFactory
      Authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.
      protected org.apereo.cas.services.ServicesManager servicesManager
      Implementation of Service Manager.
      protected org.apereo.cas.ticket.TicketFactory ticketFactory
      The ticket factory.
      protected org.apereo.cas.ticket.registry.TicketRegistry ticketRegistry
      TicketRegistry for storing and retrieving tickets as needed.
      • Fields inherited from interface org.apereo.cas.CentralAuthenticationService

        NAMESPACE
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void deleteTicket​(java.lang.String ticketId)  
      protected void doPublishEvent​(org.springframework.context.ApplicationEvent e)
      Publish CAS events.
      protected void evaluateProxiedServiceIfNeeded​(org.apereo.cas.authentication.principal.Service service, org.apereo.cas.ticket.TicketGrantingTicket ticketGrantingTicket, org.apereo.cas.services.RegisteredService registeredService)
      Evaluate proxied service if needed.
      protected org.apereo.cas.authentication.Authentication getAuthenticationSatisfiedByPolicy​(org.apereo.cas.authentication.Authentication authentication, org.apereo.cas.services.ServiceContext context)
      Gets the authentication satisfied by policy.
      org.apereo.cas.ticket.Ticket getTicket​(@NonNull java.lang.String ticketId)  
      <T extends org.apereo.cas.ticket.Ticket> T getTicket(@NonNull java.lang.String ticketId, java.lang.Class<T> clazz)
      java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets​(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)  
      protected boolean isTicketAuthenticityVerified​(java.lang.String ticketId)
      Verify the ticket id received is actually legitimate before contacting downstream systems to find and process it.
      protected org.apereo.cas.authentication.principal.Service resolveServiceFromAuthenticationRequest​(org.apereo.cas.authentication.principal.Service service)
      Resolve service from authentication request.
      org.apereo.cas.ticket.Ticket updateTicket​(org.apereo.cas.ticket.Ticket ticket)  
      protected void verifyTicketState​(org.apereo.cas.ticket.Ticket ticket, java.lang.String id, java.lang.Class clazz)
      Validates the ticket expiration policy and throws an exception if the ticket is no longer valid.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
      • Methods inherited from interface org.springframework.context.ApplicationEventPublisherAware

        setApplicationEventPublisher
      • Methods inherited from interface org.apereo.cas.CentralAuthenticationService

        createProxyGrantingTicket, createTicketGrantingTicket, destroyTicketGrantingTicket, grantProxyTicket, grantServiceTicket, validateServiceTicket
    • Field Detail

      • applicationEventPublisher

        protected org.springframework.context.ApplicationEventPublisher applicationEventPublisher
        Application event publisher.
      • ticketRegistry

        protected final org.apereo.cas.ticket.registry.TicketRegistry ticketRegistry
        TicketRegistry for storing and retrieving tickets as needed.
      • servicesManager

        protected final org.apereo.cas.services.ServicesManager servicesManager
        Implementation of Service Manager.
      • logoutManager

        protected final org.apereo.cas.logout.LogoutManager logoutManager
        The logout manager.
      • ticketFactory

        protected final org.apereo.cas.ticket.TicketFactory ticketFactory
        The ticket factory.
      • authenticationRequestServiceSelectionStrategies

        protected final org.apereo.cas.authentication.AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies
        The service selection strategy during validation events.
      • serviceContextAuthenticationPolicyFactory

        protected final org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory<org.apereo.cas.services.ServiceContext> serviceContextAuthenticationPolicyFactory
        Authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.
      • principalFactory

        protected final org.apereo.cas.authentication.principal.PrincipalFactory principalFactory
        Factory to create the principal type.
      • cipherExecutor

        protected final org.apereo.cas.CipherExecutor<java.lang.String,​java.lang.String> cipherExecutor
        Cipher executor to handle ticket validation.
      • registeredServiceAccessStrategyEnforcer

        protected final org.apereo.cas.audit.AuditableExecution registeredServiceAccessStrategyEnforcer
        Enforce registered service access in an auditable way since the access strategy is not usually managed as a Spring bean.
    • Constructor Detail

      • AbstractCentralAuthenticationService

        public AbstractCentralAuthenticationService()
    • Method Detail

      • doPublishEvent

        protected void doPublishEvent​(org.springframework.context.ApplicationEvent e)
        Publish CAS events.
        Parameters:
        e - the event
      • getTicket

        @Transactional(transactionManager="ticketTransactionManager",
                       noRollbackFor=org.apereo.cas.ticket.InvalidTicketException.class)
        public org.apereo.cas.ticket.Ticket getTicket(@NonNull java.lang.String ticketId)
                                               throws org.apereo.cas.ticket.InvalidTicketException
        Specified by:
        getTicket in interface org.apereo.cas.CentralAuthenticationService
        Throws:
        org.apereo.cas.ticket.InvalidTicketException
      • getTicket

        @Transactional(transactionManager="ticketTransactionManager",
                       noRollbackFor=org.apereo.cas.ticket.InvalidTicketException.class)
        public <T extends org.apereo.cas.ticket.Ticket> T getTicket(@NonNull java.lang.String ticketId,
                                                                    java.lang.Class<T> clazz)
                                                             throws org.apereo.cas.ticket.InvalidTicketException

        Note: Synchronizing on the ticket object does not serialize access to the critical section when a cache-based registry is used. The reason is that the cache pulls serialized data and builds a new object, most likely on each pull. Is this synchronization needed here?

        Specified by:
        getTicket in interface org.apereo.cas.CentralAuthenticationService
        Throws:
        org.apereo.cas.ticket.InvalidTicketException
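
The synchronization concern in the note on getTicket, shown as an added example (not CAS code). DemoTicket, DemoCacheRegistry and the per-id lock map are constructed stand-ins that assume a registry which stores serialized bytes and rebuilds an object on every read: two reads return distinct objects, so a monitor on the ticket object is never shared, while a lock keyed by ticket id is.

```java
import java.io.*;
import java.util.concurrent.*;
import java.util.concurrent.locks.ReentrantLock;

public class TicketLockDemo {
    // Constructed stand-in for a ticket; not a CAS class.
    static class DemoTicket implements Serializable {
        final String id;
        int uses;
        DemoTicket(String id) { this.id = id; }
    }

    // Constructed cache-style registry: keeps bytes and builds a new object on each get().
    static class DemoCacheRegistry {
        private final ConcurrentMap<String, byte[]> store = new ConcurrentHashMap<>();
        void put(DemoTicket t) throws IOException {
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(t); }
            store.put(t.id, bos.toByteArray());
        }
        DemoTicket get(String id) throws IOException, ClassNotFoundException {
            byte[] raw = store.get(id);
            try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
                return (DemoTicket) in.readObject();
            }
        }
    }

    // One lock per ticket id: every caller gets the same lock, whatever object it holds.
    static final ConcurrentMap<String, ReentrantLock> LOCKS = new ConcurrentHashMap<>();

    static void useOnce(DemoCacheRegistry reg, String id) throws Exception {
        ReentrantLock lock = LOCKS.computeIfAbsent(id, k -> new ReentrantLock());
        lock.lock();
        try {                       // read-modify-write is now a real critical section
            DemoTicket t = reg.get(id);
            t.uses++;
            reg.put(t);
        } finally { lock.unlock(); }
    }

    public static void main(String[] args) throws Exception {
        String id = "ST-1-constructed";  // constructed sample id
        DemoCacheRegistry reg = new DemoCacheRegistry();
        reg.put(new DemoTicket(id));
        // Two pulls of the same id are different objects, hence different monitors.
        System.out.println("same object across pulls: " + (reg.get(id) == reg.get(id)));
        ExecutorService pool = Executors.newFixedThreadPool(8);
        for (int i = 0; i < 1000; i++) pool.submit(() -> { useOnce(reg, id); return null; });
        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        System.out.println("uses recorded: " + reg.get(id).uses);
    }
}
```

The lock map is local to one JVM, so it only serializes callers on the same node; a registry shared across nodes needs the cache's own atomic or locking primitives.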
      • getTickets

        @Transactional(transactionManager="ticketTransactionManager")
        public java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets​(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
        Specified by:
        getTickets in interface org.apereo.cas.CentralAuthenticationService
      • deleteTicket

        @Transactional(transactionManager="ticketTransactionManager")
        public void deleteTicket​(java.lang.String ticketId)
        Specified by:
        deleteTicket in interface org.apereo.cas.CentralAuthenticationService
      • getAuthenticationSatisfiedByPolicy

        protected org.apereo.cas.authentication.Authentication getAuthenticationSatisfiedByPolicy​(org.apereo.cas.authentication.Authentication authentication,
                                                                                                  org.apereo.cas.services.ServiceContext context)
                                                                                           throws org.apereo.cas.ticket.AbstractTicketException
        Gets the authentication satisfied by policy.
        Parameters:
        authentication - the authentication
        context - the context
        Returns:
        the authentication satisfied by policy
        Throws:
        org.apereo.cas.ticket.AbstractTicketException - the ticket exception
      • evaluateProxiedServiceIfNeeded

        protected void evaluateProxiedServiceIfNeeded​(org.apereo.cas.authentication.principal.Service service,
                                                      org.apereo.cas.ticket.TicketGrantingTicket ticketGrantingTicket,
                                                      org.apereo.cas.services.RegisteredService registeredService)
        Evaluate proxied service if needed.
        Parameters:
        service - the service
        ticketGrantingTicket - the ticket granting ticket
        registeredService - the registered service
      • verifyTicketState

        protected void verifyTicketState​(org.apereo.cas.ticket.Ticket ticket,
                                         java.lang.String id,
                                         java.lang.Class clazz)
        Validates the ticket expiration policy and throws an exception if the ticket is no longer valid. Expired tickets are also deleted from the registry immediately on demand.
        Parameters:
        ticket - the ticket
        id - the original id
        clazz - the clazz
      • updateTicket

        public org.apereo.cas.ticket.Ticket updateTicket​(org.apereo.cas.ticket.Ticket ticket)
        Specified by:
        updateTicket in interface org.apereo.cas.CentralAuthenticationService
      • resolveServiceFromAuthenticationRequest

        protected org.apereo.cas.authentication.principal.Service resolveServiceFromAuthenticationRequest​(org.apereo.cas.authentication.principal.Service service)
        Resolve service from authentication request.
        Parameters:
        service - the service
        Returns:
        the service
      • isTicketAuthenticityVerified

        protected boolean isTicketAuthenticityVerified​(java.lang.String ticketId)
        Verify the ticket id received is actually legitimate before contacting downstream systems to find and process it.
        Parameters:
        ticketId - the ticket id
        Returns:
        true/false