Package org.apereo.cas
Class AbstractCentralAuthenticationService
- java.lang.Object
  - org.apereo.cas.AbstractCentralAuthenticationService
- All Implemented Interfaces:
  java.io.Serializable, org.apereo.cas.CentralAuthenticationService, org.springframework.beans.factory.Aware, org.springframework.context.ApplicationEventPublisherAware
- Direct Known Subclasses:
  DefaultCentralAuthenticationService
public abstract class AbstractCentralAuthenticationService extends java.lang.Object implements org.apereo.cas.CentralAuthenticationService, java.io.Serializable, org.springframework.context.ApplicationEventPublisherAware
An abstract implementation of the CentralAuthenticationService that provides access to the scaffolding and services that CAS needs, such as the ticket registry, the service registry, etc. The intention here is to allow extensions to easily benefit from these already-configured components without having to duplicate them again.
- Since:
  4.2.0
- See Also:
  Serialized Form
Field Summary
Fields (modifier and type, field: description)
- protected org.springframework.context.ApplicationEventPublisher applicationEventPublisher: Application event publisher.
- protected org.apereo.cas.authentication.AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies: The service selection strategy during validation events.
- protected org.apereo.cas.util.crypto.CipherExecutor<java.lang.String,java.lang.String> cipherExecutor: Cipher executor to handle ticket validation.
- protected org.apereo.cas.authentication.principal.PrincipalFactory principalFactory: Factory to create the principal type.
- protected org.apereo.cas.audit.AuditableExecution registeredServiceAccessStrategyEnforcer: Enforce registered service access in an auditable way since the access strategy is not usually managed as a Spring bean.
- protected org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory<org.apereo.cas.services.ServiceContext> serviceContextAuthenticationPolicyFactory: Authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.
- protected org.apereo.cas.authentication.principal.ServiceMatchingStrategy serviceMatchingStrategy: Service matching strategy to ensure, primarily, that service tickets can be validated for services that own them.
- protected org.apereo.cas.services.ServicesManager servicesManager: Implementation of Service Manager.
- protected org.apereo.cas.ticket.TicketFactory ticketFactory: The ticket factory.
- protected org.apereo.cas.ticket.registry.TicketRegistry ticketRegistry: TicketRegistry for storing and retrieving tickets as needed.
Constructor Summary
Constructors
- AbstractCentralAuthenticationService()
Method Summary
All Methods / Instance Methods / Concrete Methods (modifier and type, method: description)
- org.apereo.cas.ticket.Ticket addTicket(org.apereo.cas.ticket.Ticket ticket)
- int deleteTicket(java.lang.String ticketId)
- protected void doPublishEvent(org.springframework.context.ApplicationEvent e): Publish CAS events.
- protected void evaluateProxiedServiceIfNeeded(org.apereo.cas.authentication.principal.Service service, org.apereo.cas.ticket.TicketGrantingTicket ticketGrantingTicket, org.apereo.cas.services.RegisteredService registeredService): Evaluate proxied service if needed.
- protected org.apereo.cas.authentication.Authentication getAuthenticationSatisfiedByPolicy(org.apereo.cas.authentication.Authentication authentication, org.apereo.cas.services.ServiceContext context): Gets the authentication satisfied by policy.
- org.apereo.cas.ticket.Ticket getTicket(@NonNull java.lang.String ticketId)
- <T extends org.apereo.cas.ticket.Ticket> T getTicket(@NonNull java.lang.String ticketId, java.lang.Class<T> clazz)
- java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
- protected boolean isTicketAuthenticityVerified(java.lang.String ticketId): Verify the ticket id received is actually legitimate before contacting downstream systems to find and process it.
- protected org.apereo.cas.authentication.principal.WebApplicationService resolveServiceFromAuthenticationRequest(org.apereo.cas.authentication.principal.Service service): Resolve service from authentication request.
- org.apereo.cas.ticket.Ticket updateTicket(org.apereo.cas.ticket.Ticket ticket)
- protected void verifyTicketState(org.apereo.cas.ticket.Ticket ticket, java.lang.String id, java.lang.Class clazz): Validates the ticket expiration policy and throws an exception if the ticket is no longer valid.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
-
applicationEventPublisher
protected org.springframework.context.ApplicationEventPublisher applicationEventPublisher
Application event publisher.
-
ticketRegistry
protected final org.apereo.cas.ticket.registry.TicketRegistry ticketRegistry
TicketRegistry for storing and retrieving tickets as needed.
-
servicesManager
protected final org.apereo.cas.services.ServicesManager servicesManager
Implementation of Service Manager.
-
ticketFactory
protected final org.apereo.cas.ticket.TicketFactory ticketFactory
The ticket factory.
-
authenticationRequestServiceSelectionStrategies
protected final org.apereo.cas.authentication.AuthenticationServiceSelectionPlan authenticationRequestServiceSelectionStrategies
The service selection strategy during validation events.
-
serviceContextAuthenticationPolicyFactory
protected final org.apereo.cas.authentication.ContextualAuthenticationPolicyFactory<org.apereo.cas.services.ServiceContext> serviceContextAuthenticationPolicyFactory
Authentication policy that uses a service context to produce stateful security policies to apply when authenticating credentials.
-
principalFactory
protected final org.apereo.cas.authentication.principal.PrincipalFactory principalFactory
Factory to create the principal type.
-
cipherExecutor
protected final org.apereo.cas.util.crypto.CipherExecutor<java.lang.String,java.lang.String> cipherExecutor
Cipher executor to handle ticket validation.
-
registeredServiceAccessStrategyEnforcer
protected final org.apereo.cas.audit.AuditableExecution registeredServiceAccessStrategyEnforcer
Enforce registered service access in an auditable way since the access strategy is not usually managed as a Spring bean.
-
serviceMatchingStrategy
protected final org.apereo.cas.authentication.principal.ServiceMatchingStrategy serviceMatchingStrategy
Service matching strategy to ensure, primarily, that service tickets can be validated for services that own them.
-
-
Method Detail
-
doPublishEvent
protected void doPublishEvent(org.springframework.context.ApplicationEvent e)
Publish CAS events.
- Parameters:
  e - the event
-
getTicket
@Transactional(transactionManager="ticketTransactionManager", noRollbackFor=org.apereo.cas.ticket.InvalidTicketException.class) public org.apereo.cas.ticket.Ticket getTicket(@NonNull @NonNull java.lang.String ticketId) throws org.apereo.cas.ticket.InvalidTicketException
- Specified by:
  getTicket in interface org.apereo.cas.CentralAuthenticationService
- Throws:
  org.apereo.cas.ticket.InvalidTicketException
-
getTicket
@Transactional(transactionManager="ticketTransactionManager", noRollbackFor=org.apereo.cas.ticket.InvalidTicketException.class) public <T extends org.apereo.cas.ticket.Ticket> T getTicket(@NonNull @NonNull java.lang.String ticketId, java.lang.Class<T> clazz) throws org.apereo.cas.ticket.InvalidTicketException
Note: Synchronizing on the ticket object does not serialize access to the critical section when the registry is cache-based. The reason is that the cache pulls serialized data and builds a new object, most likely for each pull. Is this synchronization needed here?
- Specified by:
  getTicket in interface org.apereo.cas.CentralAuthenticationService
- Throws:
  org.apereo.cas.ticket.InvalidTicketException
-
getTickets
@Transactional(transactionManager="ticketTransactionManager") public java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
- Specified by:
  getTickets in interface org.apereo.cas.CentralAuthenticationService
-
deleteTicket
@Transactional(transactionManager="ticketTransactionManager") public int deleteTicket(java.lang.String ticketId)
- Specified by:
  deleteTicket in interface org.apereo.cas.CentralAuthenticationService
-
getAuthenticationSatisfiedByPolicy
protected org.apereo.cas.authentication.Authentication getAuthenticationSatisfiedByPolicy(org.apereo.cas.authentication.Authentication authentication, org.apereo.cas.services.ServiceContext context) throws org.apereo.cas.ticket.AbstractTicketException
Gets the authentication satisfied by policy.
- Parameters:
  authentication - the authentication
  context - the context
- Returns:
  the authentication satisfied by policy
- Throws:
  org.apereo.cas.ticket.AbstractTicketException - the ticket exception
-
evaluateProxiedServiceIfNeeded
protected void evaluateProxiedServiceIfNeeded(org.apereo.cas.authentication.principal.Service service, org.apereo.cas.ticket.TicketGrantingTicket ticketGrantingTicket, org.apereo.cas.services.RegisteredService registeredService)
Evaluate proxied service if needed.
- Parameters:
  service - the service
  ticketGrantingTicket - the ticket granting ticket
  registeredService - the registered service
-
verifyTicketState
protected void verifyTicketState(org.apereo.cas.ticket.Ticket ticket, java.lang.String id, java.lang.Class clazz)
Validates the ticket expiration policy and throws an exception if the ticket is no longer valid. Expired tickets are also deleted from the registry immediately on demand.
- Parameters:
  ticket - the ticket
  id - the original id
  clazz - the clazz
-
updateTicket
public org.apereo.cas.ticket.Ticket updateTicket(org.apereo.cas.ticket.Ticket ticket)
- Specified by:
  updateTicket in interface org.apereo.cas.CentralAuthenticationService
-
addTicket
public org.apereo.cas.ticket.Ticket addTicket(org.apereo.cas.ticket.Ticket ticket)
- Specified by:
  addTicket in interface org.apereo.cas.CentralAuthenticationService
-
resolveServiceFromAuthenticationRequest
protected org.apereo.cas.authentication.principal.WebApplicationService resolveServiceFromAuthenticationRequest(org.apereo.cas.authentication.principal.Service service)
Resolve service from authentication request.
- Parameters:
  service - the service
- Returns:
  the service
-
isTicketAuthenticityVerified
protected boolean isTicketAuthenticityVerified(java.lang.String ticketId)
Verify the ticket id received is actually legitimate before contacting downstream systems to find and process it.
- Parameters:
  ticketId - the ticket id
- Returns:
  true/false
-
-