Package org.apereo.cas

Interface CentralAuthenticationService

  • public interface CentralAuthenticationService
    CAS viewed as a set of services to generate and validate Tickets.

    This is the interface between a Web HTML, Web Services, RMI, or any other request processing layer and the CAS Service viewed as a mechanism to generate, store, validate, and retrieve Tickets containing Authentication information. The features of the request processing layer (the HttpXXX Servlet objects) are not visible here or in any modules behind this layer. In theory, a standalone application could call these methods directly as a private authentication service.

    Since:
    3.0.0

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String NAMESPACE
      CAS namespace.

    • Method Summary

      All Methods Instance Methods Abstract Methods Default Methods 
      Modifier and Type Method Description
      org.apereo.cas.ticket.proxy.ProxyGrantingTicket createProxyGrantingTicket​(java.lang.String serviceTicketId, org.apereo.cas.authentication.AuthenticationResult authenticationResult)
      Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
      org.apereo.cas.ticket.TicketGrantingTicket createTicketGrantingTicket​(org.apereo.cas.authentication.AuthenticationResult authenticationResult)
      Create a TicketGrantingTicket by authenticating credentials.
      default void deleteTicket​(java.lang.String ticketId)
      Attempts to delete a ticket from the underlying store and is allowed to run any number of processing on the ticket and removal op before invoking it.
      java.util.List<org.apereo.cas.logout.slo.SingleLogoutRequest> destroyTicketGrantingTicket​(java.lang.String ticketGrantingTicketId)
      Destroy a TicketGrantingTicket and perform back channel logout.
      org.apereo.cas.ticket.Ticket getTicket​(java.lang.String ticketId)
      Obtains the given ticket by its id and returns the CAS-representative object.
      <T extends org.apereo.cas.ticket.Ticket>
      T      		 getTicket​(java.lang.String ticketId, java.lang.Class<T> clazz)
      Obtains the given ticket by its id and type and returns the CAS-representative object.
      java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets​(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
      Retrieve a collection of tickets from the underlying ticket registry.
      org.apereo.cas.ticket.proxy.ProxyTicket grantProxyTicket​(java.lang.String proxyGrantingTicket, org.apereo.cas.authentication.principal.Service service)
      Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials.
      org.apereo.cas.ticket.ServiceTicket grantServiceTicket​(java.lang.String ticketGrantingTicketId, org.apereo.cas.authentication.principal.Service service, org.apereo.cas.authentication.AuthenticationResult authenticationResult)
      Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials.
      org.apereo.cas.ticket.Ticket updateTicket​(org.apereo.cas.ticket.Ticket ticket)
      Updates the ticket instance in the underlying storage mechanism.
      org.apereo.cas.validation.Assertion validateServiceTicket​(java.lang.String serviceTicketId, org.apereo.cas.authentication.principal.Service service)
      Validate a ServiceTicket for a particular Service.

    • Field Detail

      • NAMESPACE

        static final java.lang.String NAMESPACE
        CAS namespace.

    • Method Detail

      • createTicketGrantingTicket

        org.apereo.cas.ticket.TicketGrantingTicket createTicketGrantingTicket​(org.apereo.cas.authentication.AuthenticationResult authenticationResult)
                                                               throws org.apereo.cas.authentication.AuthenticationException,
                                                                      org.apereo.cas.ticket.AbstractTicketException
        Create a TicketGrantingTicket by authenticating credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.
        Parameters:
        authenticationResult - the current authentication result in order to create the ticket.
        Returns:
        Non -null ticket-granting ticket identifier.
        Throws:
        org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
        org.apereo.cas.ticket.AbstractTicketException - if ticket cannot be created

      • updateTicket

        org.apereo.cas.ticket.Ticket updateTicket​(org.apereo.cas.ticket.Ticket ticket)
        Updates the ticket instance in the underlying storage mechanism. The properties of a given ticket, such as its authentication attributes may have changed during various legs of the authentication flow.
        Parameters:
        ticket - the ticket
        Returns:
        the updated ticket
        Since:
        5.0.0

      • getTicket

        org.apereo.cas.ticket.Ticket getTicket​(java.lang.String ticketId)
                                throws org.apereo.cas.ticket.InvalidTicketException
        Obtains the given ticket by its id and returns the CAS-representative object. Implementations need to check for the validity of the ticket by making sure it exists and has not expired yet, etc. This method is specifically designed to remove the need to access the ticket registry.
        Parameters:
        ticketId - the ticket granting ticket id
        Returns:
        the ticket object
        Throws:
        org.apereo.cas.ticket.InvalidTicketException - the invalid ticket exception
        Since:
        5.0.0

      • getTicket

        <T extends org.apereo.cas.ticket.Ticket> T getTicket​(java.lang.String ticketId,
                                                     java.lang.Class<T> clazz)
                                              throws org.apereo.cas.ticket.InvalidTicketException
        Obtains the given ticket by its id and type and returns the CAS-representative object. Implementations need to check for the validity of the ticket by making sure it exists and has not expired yet, etc. This method is specifically designed to remove the need to access the ticket registry.
        Type Parameters:
        T - the generic ticket type to return that extends Ticket
        Parameters:
        ticketId - the ticket granting ticket id
        clazz - the ticket type that is requested to be found
        Returns:
        the ticket object
        Throws:
        org.apereo.cas.ticket.InvalidTicketException - the invalid ticket exception
        Since:
        4.1.0

      • deleteTicket

        default void deleteTicket​(java.lang.String ticketId)
        Attempts to delete a ticket from the underlying store and is allowed to run any number of processing on the ticket and removal op before invoking it. The ticket id can be associated with any ticket type that is valid and understood by CAS and the underlying ticket store; however some special cases require that you invoke the appropriate operation when destroying tickets, such destroyTicketGrantingTicket(String).
        Parameters:
        ticketId - the ticket id

      • getTickets

        java.util.Collection<org.apereo.cas.ticket.Ticket> getTickets​(java.util.function.Predicate<org.apereo.cas.ticket.Ticket> predicate)
        Retrieve a collection of tickets from the underlying ticket registry. The retrieval operation must pass the predicate check that is solely used to filter the collection of tickets received. Implementations can use the predicate to request a collection of expired tickets, or tickets whose id matches a certain pattern, etc. The resulting collection will include tickets that have been evaluated by the predicate.
        Parameters:
        predicate - the predicate
        Returns:
        the tickets
        Since:
        4.1.0

      • grantServiceTicket

        org.apereo.cas.ticket.ServiceTicket grantServiceTicket​(java.lang.String ticketGrantingTicketId,
                                                       org.apereo.cas.authentication.principal.Service service,
                                                       org.apereo.cas.authentication.AuthenticationResult authenticationResult)
                                                throws org.apereo.cas.authentication.AuthenticationException,
                                                       org.apereo.cas.ticket.AbstractTicketException
        Grant a ServiceTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

        The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

        Parameters:
        ticketGrantingTicketId - Proof of prior authentication.
        service - The target service of the ServiceTicket.
        authenticationResult - The authentication context established if credentials provided
        Returns:
        Non -null service ticket identifier.
        Throws:
        org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
        org.apereo.cas.ticket.AbstractTicketException - if the ticket could not be created.

      • grantProxyTicket

        org.apereo.cas.ticket.proxy.ProxyTicket grantProxyTicket​(java.lang.String proxyGrantingTicket,
                                                         org.apereo.cas.authentication.principal.Service service)
                                                  throws org.apereo.cas.ticket.AbstractTicketException
        Grant a ProxyTicket that may be used to access the given service by authenticating the given credentials. The details of the security policy around credential authentication and the definition of authentication success are dependent on the implementation, but it SHOULD be safe to assume that at least one credential MUST be authenticated for ticket creation to succeed.

        The principal that is resolved from the authenticated credentials MUST be the same as that to which the given ticket-granting ticket was issued.

        Parameters:
        proxyGrantingTicket - Proof of prior authentication.
        service - The target service of the ServiceTicket.
        Returns:
        Non -null service ticket identifier.
        Throws:
        org.apereo.cas.ticket.AbstractTicketException - if the ticket could not be created.

      • validateServiceTicket

        org.apereo.cas.validation.Assertion validateServiceTicket​(java.lang.String serviceTicketId,
                                                          org.apereo.cas.authentication.principal.Service service)
                                                   throws org.apereo.cas.ticket.AbstractTicketException
        Validate a ServiceTicket for a particular Service.
        Parameters:
        serviceTicketId - Proof of prior authentication.
        service - Service wishing to validate a prior authentication.
        Returns:
        Non -null ticket validation assertion.
        Throws:
        org.apereo.cas.ticket.AbstractTicketException - if there was an error validating the ticket.

      • destroyTicketGrantingTicket

        java.util.List<org.apereo.cas.logout.slo.SingleLogoutRequest> destroyTicketGrantingTicket​(java.lang.String ticketGrantingTicketId)
        Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an IllegalArgumentException if the TicketGrantingTicket ID is null.
        Parameters:
        ticketGrantingTicketId - the id of the ticket we want to destroy
        Returns:
        the logout requests.

      • createProxyGrantingTicket

        org.apereo.cas.ticket.proxy.ProxyGrantingTicket createProxyGrantingTicket​(java.lang.String serviceTicketId,
                                                                          org.apereo.cas.authentication.AuthenticationResult authenticationResult)
                                                                   throws org.apereo.cas.authentication.AuthenticationException,
                                                                          org.apereo.cas.ticket.AbstractTicketException
        Delegate a TicketGrantingTicket to a Service for proxying authentication to other Services.
        Parameters:
        serviceTicketId - The service ticket identifier that will delegate to a TicketGrantingTicket.
        authenticationResult - The current authentication context before this ticket can be granted.
        Returns:
        Non -null ticket-granting ticket identifier that can grant ServiceTicket that proxy authentication.
        Throws:
        org.apereo.cas.authentication.AuthenticationException - on errors authenticating the credentials
        org.apereo.cas.ticket.AbstractTicketException - if there was an error creating the ticket