|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface CasProxyDecider
Decides whether a proxy list presented via CAS is trusted or not.
CAS 1.0 allowed services to receive a service ticket and then validate it. CAS 2.0 allows services to receive a service ticket and then validate it with a proxy callback URL. The callback will enable the CAS server to authenticate the service. In doing so the service will receive a proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an internal record that a proxy-granting ticket is due to be received via the callback URL.
With a proxy-granting ticket, a service can request the CAS server provides it with a proxy ticket. A proxy ticket is just a service ticket, but the CAS server internally tracks the list (chain) of services used to build the proxy ticket. The proxy ticket is then presented to the target service.
If this application is a target service of a proxy ticket, the
CasProxyDecider
resolves whether or not the proxy list is
trusted. Applications should only trust services they allow to impersonate
an end user.
If this application is a service that should never accept proxy-granting tickets, the implementation should reject tickets that present a proxy list with any members. If the list has no members, it indicates the CAS server directly authenticated the user (ie there are no services which proxied the user authentication).
Method Summary | |
---|---|
void |
confirmProxyListTrusted(List proxyList)
Decides whether the proxy list is trusted. |
Method Detail |
---|
void confirmProxyListTrusted(List proxyList) throws ProxyUntrustedException
Must throw any ProxyUntrustedException
if the
proxy list is untrusted.
proxyList
- the list of proxies to be checked.
ProxyUntrustedException
- DOCUMENT ME!
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |