Coverage Report

Coverage Report - org.acegisecurity.providers.cas.CasProxyDecider

Classes in this File

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.providers.cas;
 
 import java.util.List;
 
 
 /**
  * Decides whether a proxy list presented via CAS is trusted or not.
  *
  * <p>
  * CAS 1.0 allowed services to receive a service ticket and then validate it.
  * CAS 2.0 allows services to receive a service ticket and then validate it
  * with a proxy callback URL. The callback will enable the CAS server to
  * authenticate the service. In doing so the service will receive a
  * proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an
  * internal record that a proxy-granting ticket is due to be received via the
  * callback URL.
  * </p>
  *
  * <p>
  * With a proxy-granting ticket, a service can request the CAS server provides
  * it with a proxy ticket. A proxy ticket is just a service ticket, but the
  * CAS server internally tracks the list (chain) of services used to build the
  * proxy ticket. The proxy ticket is then presented to the target service.
  * </p>
  *
  * <p>
  * If this application is a target service of a proxy ticket, the
  * <code>CasProxyDecider</code> resolves whether or not the proxy list is
  * trusted. Applications should only trust services they allow to impersonate
  * an end user.
  * </p>
  *
  * <p>
  * If this application is a service that should never accept proxy-granting
  * tickets, the implementation should reject tickets that present a proxy list
  * with any members. If the list has no members, it indicates the CAS server
  * directly authenticated the user (ie there are no services which proxied the
  * user authentication).
  * </p>
  *
  * @author Ben Alex
  * @version $Id: CasProxyDecider.java 1784 2007-02-24 21:00:24Z luke_t $
  */
 public interface CasProxyDecider {
     //~ Methods ========================================================================================================
 
     /**
      * Decides whether the proxy list is trusted.
      * <p>Must throw any <code>ProxyUntrustedException</code> if the
      * proxy list is untrusted.</p>
      *
      * @param proxyList the list of proxies to be checked.
      *
      * @throws ProxyUntrustedException DOCUMENT ME!
      */
     void confirmProxyListTrusted(List proxyList)
         throws ProxyUntrustedException;
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.providers.cas;
17
18		import java.util.List;
19
20
21		/**
22		* Decides whether a proxy list presented via CAS is trusted or not.
23		*
24		* <p>
25		* CAS 1.0 allowed services to receive a service ticket and then validate it.
26		* CAS 2.0 allows services to receive a service ticket and then validate it
27		* with a proxy callback URL. The callback will enable the CAS server to
28		* authenticate the service. In doing so the service will receive a
29		* proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an
30		* internal record that a proxy-granting ticket is due to be received via the
31		* callback URL.
32		* </p>
33		*
34		* <p>
35		* With a proxy-granting ticket, a service can request the CAS server provides
36		* it with a proxy ticket. A proxy ticket is just a service ticket, but the
37		* CAS server internally tracks the list (chain) of services used to build the
38		* proxy ticket. The proxy ticket is then presented to the target service.
39		* </p>
40		*
41		* <p>
42		* If this application is a target service of a proxy ticket, the
43		* <code>CasProxyDecider</code> resolves whether or not the proxy list is
44		* trusted. Applications should only trust services they allow to impersonate
45		* an end user.
46		* </p>
47		*
48		* <p>
49		* If this application is a service that should never accept proxy-granting
50		* tickets, the implementation should reject tickets that present a proxy list
51		* with any members. If the list has no members, it indicates the CAS server
52		* directly authenticated the user (ie there are no services which proxied the
53		* user authentication).
54		* </p>
55		*
56		* @author Ben Alex
57		* @version $Id: CasProxyDecider.java 1784 2007-02-24 21:00:24Z luke_t $
58		*/
59		public interface CasProxyDecider {
60		//~ Methods ========================================================================================================
61
62		/**
63		* Decides whether the proxy list is trusted.
64		* <p>Must throw any <code>ProxyUntrustedException</code> if the
65		* proxy list is untrusted.</p>
66		*
67		* @param proxyList the list of proxies to be checked.
68		*
69		* @throws ProxyUntrustedException DOCUMENT ME!
70		*/
71		void confirmProxyListTrusted(List proxyList)
72		throws ProxyUntrustedException;
73		}