public interface CasProxyDecider
CAS 1.0 allowed services to receive a service ticket and then validate it. CAS 2.0 allows services to receive a service ticket and then validate it with a proxy callback URL. The callback will enable the CAS server to authenticate the service. In doing so the service will receive a proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an internal record that a proxy-granting ticket is due to be received via the callback URL.
With a proxy-granting ticket, a service can request that the CAS server provide it with a proxy ticket. A proxy ticket is just a service ticket, but the CAS server internally tracks the list (chain) of services used to build the proxy ticket. The proxy ticket is then presented to the target service.
If this application is a target service of a proxy ticket, the CasProxyDecider resolves whether or not the proxy list is trusted. Applications should only trust services they allow to impersonate an end user.
If this application is a service that should never accept proxy-granting tickets, the implementation should reject tickets that present a proxy list with any members. If the list has no members, it indicates the CAS server directly authenticated the user (i.e. there are no services which proxied the user authentication).
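One way to implement the trust decision described above, as an added example that is not the library's own code. The nested ProxyUntrustedException and CasProxyDecider types are minimal stand-ins so the file compiles alone, AllowlistProxyDecider and the URLs are hypothetical, and checking every member of the chain (rather than one entry) is this example's choice. Constructing it with an empty set rejects every proxied ticket.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class AllowlistProxyDeciderExample {

    // Stand-ins for the library types named on this page (assumption: simplified).
    static class ProxyUntrustedException extends RuntimeException {
        ProxyUntrustedException(String msg) { super(msg); }
    }

    interface CasProxyDecider {
        void confirmProxyListTrusted(List proxyList) throws ProxyUntrustedException;
    }

    // Hypothetical implementation: every service in the chain must be allowlisted.
    static class AllowlistProxyDecider implements CasProxyDecider {
        private final Set<String> trusted;
        AllowlistProxyDecider(Set<String> trusted) {
            this.trusted = Collections.unmodifiableSet(new HashSet<>(trusted));
        }
        public void confirmProxyListTrusted(List proxyList) throws ProxyUntrustedException {
            if (proxyList == null) { // fail closed: a missing list is not "no proxies"
                throw new ProxyUntrustedException("proxy list is null");
            }
            // An empty list skips the loop: the CAS server authenticated the user directly.
            for (Object proxy : proxyList) {
                if (!(proxy instanceof String) || !trusted.contains(proxy)) {
                    throw new ProxyUntrustedException("untrusted proxy in chain: " + proxy);
                }
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample callback URLs, not taken from any real deployment.
        CasProxyDecider decider = new AllowlistProxyDecider(
                Collections.singleton("https://portal.example.org/cas/proxy"));
        decider.confirmProxyListTrusted(Collections.emptyList()); // no proxies in the chain
        decider.confirmProxyListTrusted(Arrays.asList("https://portal.example.org/cas/proxy"));
        try { // second chain member is not allowlisted
            decider.confirmProxyListTrusted(Arrays.asList(
                    "https://portal.example.org/cas/proxy", "https://other.example.org/cas/proxy"));
        } catch (ProxyUntrustedException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```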
Modifier and Type | Method and Description |
---|---|
void | confirmProxyListTrusted(List proxyList) Decides whether the proxy list is trusted. |
void confirmProxyListTrusted(List proxyList) throws ProxyUntrustedException
Must throw a ProxyUntrustedException if the proxy list is untrusted.
proxyList - the list of proxies to be checked.
ProxyUntrustedException - DOCUMENT ME!
Copyright © 2019. All rights reserved.