org.jasig.cas.remoting.server

Class RemoteCentralAuthenticationService

java.lang.Object

org.jasig.cas.remoting.server.RemoteCentralAuthenticationService

All Implemented Interfaces:

CentralAuthenticationService

public final class RemoteCentralAuthenticationService
extends Object
implements CentralAuthenticationService

Wrapper implementation around a CentralAuthenticationService that does completes the marshalling of parameters from the web-service layer to the service layer. Typically the only thing that is done is to validate the parameters (as you would in the web tier) and then delegate to the service layer.

The following properties are required:

• centralAuthenticationService - the service layer we are delegating to.

Since:

3.0

Author:

Scott Battaglia

Constructor Summary

Constructors

Constructor and Description
RemoteCentralAuthenticationService()

Method Summary

Methods

Modifier and Type	Method and Description
String	createTicketGrantingTicket(Credential... credentials) Create a TicketGrantingTicket by authenticating credentials.
String	delegateTicketGrantingTicket(String serviceTicketId, Credential... credentials) Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
List<LogoutRequest>	destroyTicketGrantingTicket(String ticketGrantingTicketId) Destroy a TicketGrantingTicket and perform back channel logout.
String	grantServiceTicket(String ticketGrantingTicketId, Service service) Grants a ServiceTicket that may be used to access the given service.
String	grantServiceTicket(String ticketGrantingTicketId, Service service, Credential... credentials) Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials.
void	setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) Set the CentralAuthenticationService.
void	setValidator(javax.validation.Validator validator) Set the list of validators.
Assertion	validateServiceTicket(String serviceTicketId, Service service) Validate a ServiceTicket for a particular Service.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RemoteCentralAuthenticationService

public RemoteCentralAuthenticationService()

Method Detail

createTicketGrantingTicket

public String createTicketGrantingTicket(Credential... credentials)
                                  throws AuthenticationException,
                                         TicketException

Create a TicketGrantingTicket by authenticating credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

Specified by:

createTicketGrantingTicket in interface CentralAuthenticationService

Parameters:

credentials - One or more credentials that may be authenticated in order to create the ticket.

Returns:

Non-null ticket-granting ticket identifier.

Throws:

IllegalArgumentException - if the Credentials are null or if given invalid credentials.

AuthenticationException - on errors authenticating the credentials

TicketException - if ticket cannot be created

grantServiceTicket

public String grantServiceTicket(String ticketGrantingTicketId,
                        Service service)
                          throws TicketException

Grants a ServiceTicket that may be used to access the given service.

Specified by:

grantServiceTicket in interface CentralAuthenticationService

Parameters:

ticketGrantingTicketId - Proof of prior authentication.

service - The target service of the ServiceTicket.

Returns:

Non-null service ticket identifier.

Throws:

TicketException - if the ticket could not be created.

grantServiceTicket

public String grantServiceTicket(String ticketGrantingTicketId,
                        Service service,
                        Credential... credentials)
                          throws AuthenticationException,
                                 TicketException

Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

Specified by:

grantServiceTicket in interface CentralAuthenticationService

Parameters:

ticketGrantingTicketId - Proof of prior authentication.

service - The target service of the ServiceTicket.

credentials - One or more credentials to authenticate prior to granting the service ticket.

Returns:

Non-null service ticket identifier.

Throws:

IllegalArgumentException - if given invalid credentials

AuthenticationException - on errors authenticating the credentials

TicketException - if the ticket could not be created.

validateServiceTicket

public Assertion validateServiceTicket(String serviceTicketId,
                              Service service)
                                throws TicketException

Validate a ServiceTicket for a particular Service.

Specified by:

validateServiceTicket in interface CentralAuthenticationService

Parameters:

serviceTicketId - Proof of prior authentication.

service - Service wishing to validate a prior authentication.

Returns:

Non-null ticket validation assertion.

Throws:

TicketException - if there was an error validating the ticket.

destroyTicketGrantingTicket

public List<LogoutRequest> destroyTicketGrantingTicket(String ticketGrantingTicketId)

Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an IllegalArgumentException if the TicketGrantingTicket ID is null.

Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an IllegalArgumentException if the TicketGrantingTicket ID is null.

Specified by:

destroyTicketGrantingTicket in interface CentralAuthenticationService

Parameters:

ticketGrantingTicketId - the id of the ticket we want to destroy

Returns:

the logout requests.

delegateTicketGrantingTicket

public String delegateTicketGrantingTicket(String serviceTicketId,
                                  Credential... credentials)
                                    throws AuthenticationException,
                                           TicketException

Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.

Specified by:

delegateTicketGrantingTicket in interface CentralAuthenticationService

Parameters:

serviceTicketId - The service ticket identifier that will delegate to a TicketGrantingTicket.

credentials - One or more credentials to authenticate prior to delegating the ticket.

Returns:

Non-null ticket-granting ticket identifier that can grant ServiceTicket that proxy authentication.

Throws:

IllegalArgumentException - if the credentials are invalid.

AuthenticationException - on errors authenticating the credentials

TicketException - if there was an error creating the ticket

setCentralAuthenticationService

public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService)

Set the CentralAuthenticationService.

Parameters:

centralAuthenticationService - The CentralAuthenticationService to set.

setValidator

public void setValidator(javax.validation.Validator validator)

Set the list of validators.

Parameters:

validator - The array of validators to use.