Class GrantProxyTicketAction

All Implemented Interfaces:
Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class GrantProxyTicketAction
extends AbstractCASProtocolAction<ProxyTicketRequest,​ProxyTicketResponse>
Generates and stores a CAS protocol proxy ticket. Possible outcomes:
  • Field Details

    • log

      @Nonnull private final org.slf4j.Logger log
      Class logger.
    • configLookupFunction

      @Nonnull private final ConfigLookupFunction<ProxyConfiguration> configLookupFunction
      Profile configuration lookup function.
    • casTicketService

      @Nonnull private final TicketService casTicketService
      Manages CAS tickets.
    • sessionResolver

      @Nonnull private final SessionResolver sessionResolver
      Looks up IdP sessions.
    • validateIdPSessionPredicate

      @Nonnull private Predicate<ProfileRequestContext> validateIdPSessionPredicate
      Whether to resolve and validate IdP session as part of granting a proxy ticket.
    • proxyConfig

      @Nullable private ProxyConfiguration proxyConfig
      Profile config.
    • securityConfig

      @Nullable private SecurityConfiguration securityConfig
      Security config.
    • pgt

      @Nullable private ProxyGrantingTicket pgt
      CAS ticket.
    • request

      @Nullable private ProxyTicketRequest request
      CAS request.
  • Constructor Details

    • GrantProxyTicketAction

      public GrantProxyTicketAction​(@Nonnull TicketService ticketService, @Nonnull SessionResolver resolver)
      Constructor.
      Parameters:
      ticketService - Ticket service component.
      resolver - session resolver
  • Method Details

    • setValidateIdPSessionPredicate

      public void setValidateIdPSessionPredicate​(@Nonnull Predicate<ProfileRequestContext> predicate)
      Sets the predicate used to determine whether IdP session validation is performed during the process of granting a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that evaluates to true under any condition, a server-side storage service must be enabled for IdP session storage.
      Parameters:
      predicate - Session validation predicate. Default is Predicates.alwaysFalse().
    • doPreExecute

      protected boolean doPreExecute​(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doPreExecute in class AbstractConditionalProfileAction
    • doExecute

      protected void doExecute​(@Nonnull ProfileRequestContext profileRequestContext)
      Overrides:
      doExecute in class AbstractProfileAction