|
||||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||
See:
Description
| Interface Summary | |
|---|---|
| Credentials | Marker interface for credentials required to authenticate a principal. |
| CredentialsToPrincipalResolver | CredentialsToPrincipalResolvers extract information from the Credentials provided and determine the Principal represented by those credentials. |
| PersistentIdGenerator | Generates a unique consistant Id based on the principal, a service, and some algorithm. |
| Principal | Generic concept of an authenticated thing. |
| RememberMeCredentials | Credentials that wish to handle remember me scenarios need to implement this class. |
| Service | Marker interface for Services. |
| WebApplicationService | Represents a service using CAS that comes from the web. |
| Class Summary | |
|---|---|
| AbstractPersonDirectoryCredentialsToPrincipalResolver | |
| AbstractWebApplicationService | Abstract implementation of a WebApplicationService. |
| GoogleAccountsService | Implementation of a Service that supports Google Accounts (eventually a more generic SAML2 support will come). |
| HttpBasedServiceCredentials | The Credentials representing an HTTP-based service. |
| HttpBasedServiceCredentialsToPrincipalResolver | HttpBasedServiceCredentialsToPrincipalResolver extracts the callbackUrl from the HttpBasedServiceCredentials and constructs a SimpleService with the callbackUrl as the unique Id. |
| RememberMeAuthenticationMetaDataPopulator | Determines if the credentials provided are for Remember Me Services and then sets the appropriate Authentication attribute if remember me services have been requested. |
| RememberMeUsernamePasswordCredentials | Handles both remember me services and username and password. |
| Response | Encapsulates a Response to send back for a particular service. |
| SamlService | Class to represent that this service wants to use SAML. |
| ShibbolethCompatiblePersistentIdGenerator | Generates PersistentIds based on the Shibboleth algorithm. |
| SimplePrincipal | Simple implementation of a AttributePrincipal that exposes an unmodifiable map of attributes. |
| SimpleWebApplicationServiceImpl | Represents a service which wishes to use the CAS protocol. |
| UsernamePasswordCredentials | UsernamePasswordCredentials respresents the username and password that a user may provide in order to prove the authenticity of who they say they are. |
| UsernamePasswordCredentialsToPrincipalResolver | Implementation of CredentialsToPrincipalResolver for Credentials based on UsernamePasswordCredentials when a SimplePrincipal (username only) is sufficient. |
| Enum Summary | |
|---|---|
| Response.ResponseType | |
Credentials is a marker interface for an opaque object that may be recognized by Handlers and Resolvers. Credentials may be a Userid/Password, Certificate, RemoteUser, IP address, etc.
When the simple AuthenticationManagerImpl is used, that bean is configured with a list of AuthenticationHandlers that validate Credentials and CredentialsToPrincipalResolvers that turn Credentials into Principal objects.
The Authentication Handler validates Credentials but does not extract information. This seems curious in the simple case when the credentials are a Userid/Password. It becomes clearer for a Certificate. A Certificate is valid if you trust the CA, if it hasn't expired, and if it isn't revoked. You can decide all this, and still not have the foggiest idea what ID to give to the person (if it is a person) reprepsented by the Certificate.
The CredentialsToPrincipalResolver looks into previously validated Credentials to construct a Principal object containing an ID (and in more complex cases some attributes). The DefaultCredentialsToPrincipalResolver takes UsernamePasswordCredentials and creates a SimplePrincipal containing the Userid.
|
||||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||