Package org.jasig.cas.authentication.principal

Credentials is a marker interface for an opaque object that may be recognized by Handlers and Resolvers.

See: Description

Interface Summary

Interface	Description
PersistentIdGenerator	Generates a unique consistant Id based on the principal, a service, and some algorithm.
Principal	Generic concept of an authenticated thing.
PrincipalResolver	Resolves a Principal from a Credential using an arbitrary strategy.
Service	Marker interface for Services.
SingleLogoutService	Define a service which support single logout.
WebApplicationService	Represents a service using CAS that comes from the web.

Class Summary

Class	Description
AbstractWebApplicationService	Abstract implementation of a WebApplicationService.
BasicPrincipalResolver	Provides the most basic means of principal resolution by mapping Credential.getId() onto Principal.getId().
ChainingPrincipalResolver	Delegates to one or more principal resolves in series to resolve a principal.
PersonDirectoryPrincipalResolver	Resolves principals by querying a data source using the Jasig Person Directory API.
RememberMeAuthenticationMetaDataPopulator	Determines if the credential provided are for Remember Me Services and then sets the appropriate Authentication attribute if remember me services have been requested.
Response	Encapsulates a Response to send back for a particular service.
ShibbolethCompatiblePersistentIdGenerator	Generates PersistentIds based on the Shibboleth algorithm.
SimplePrincipal	Simple implementation of a AttributePrincipal that exposes an unmodifiable map of attributes.
SimpleWebApplicationServiceImpl	Represents a service which wishes to use the CAS protocol.

Enum Summary

Enum	Description
Response.ResponseType	An enumeration of different response types.

Package org.jasig.cas.authentication.principal Description

Credentials is a marker interface for an opaque object that may be recognized by Handlers and Resolvers. Credentials may be a Userid/Password, Certificate, RemoteUser, IP address, etc.

When the simple AuthenticationManagerImpl is used, that bean is configured with a list of AuthenticationHandlers that validate Credentials and CredentialsToPrincipalResolvers that turn Credentials into Principal objects.

The Authentication Handler validates Credentials but does not extract information. This seems curious in the simple case when the credential are a Userid/Password. It becomes clearer for a Certificate. A Certificate is valid if you trust the CA, if it hasn't expired, and if it isn't revoked. You can decide all this, and still not have the foggiest idea what ID to give to the person (if it is a person) reprepsented by the Certificate.

The CredentialsToPrincipalResolver looks into previously validated Credentials to construct a Principal object containing an ID (and in more complex cases some attributes). The DefaultCredentialsToPrincipalResolver takes UsernamePasswordCredentials and creates a SimplePrincipal containing the Userid.