Class EncodingTicketService

java.lang.Object
net.shibboleth.idp.cas.ticket.impl.AbstractTicketService
net.shibboleth.idp.cas.ticket.impl.EncodingTicketService
All Implemented Interfaces:
TicketService

public class EncodingTicketService
extends AbstractTicketService
Ticket service that uses two different strategies for ticket persistence:
  1. Service tickets, proxy tickets, and root proxy-granting tickets are persisted by serializing ticket data and encrypting it into the opaque part of the ticket ID using a DataSealer.
  2. Chained proxy-granting tickets are persisted using a StorageService.

NOTE: The service tickets, proxy tickets, and root proxy-granting tickets produced by this component do not support one-time use. More precisely, removeServiceTicket(String) and removeProxyTicket(String) simply return a decoded ticket and do not invalidate the ticket in any way. Since there is no backing store for those types of tickets, they can be reused until one of the following conditions is met:

  1. The value of Ticket.getExpirationInstant() is exceeded.
  2. The DataSealer key used to encrypt data is revoked.
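The reuse behaviour described in the note, shown as an added example (not Shibboleth code): AES-GCM from the JDK stands in for the DataSealer, and the payload layout, the `SEEN` map, and `decodeOnce` are hypothetical names introduced here. It shows that a stateless sealed ticket decodes repeatedly until its expiry, and one way a caller could enforce single use with a cache bounded by ticket lifetime.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SealedTicketReplayDemo {
    // Hypothetical replay guard: ticket ID -> that ticket's expiry.
    static final Map<String, Instant> SEEN = new java.util.concurrent.ConcurrentHashMap<>();

    // Stand-in for DataSealer (assumption): AES-GCM over "expiryEpochSeconds|service".
    static String seal(SecretKey key, String service, Instant expiry) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal((expiry.getEpochSecond() + "|" + service).getBytes(StandardCharsets.UTF_8));
        byte[] blob = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return "ST-" + Base64.getUrlEncoder().withoutPadding().encodeToString(blob);
    }

    // Stateless decode: authentic and unexpired -> (service, expiry); anything else -> null.
    static Map.Entry<String, Instant> decode(SecretKey key, String id, Instant now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(id.substring(3));
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
            String[] f = new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8).split("\\|", 2);
            Instant expiry = Instant.ofEpochSecond(Long.parseLong(f[0]));
            return now.isBefore(expiry) ? Map.entry(f[1], expiry) : null;
        } catch (Exception e) { return null; } // tampered, malformed, or sealed under another key
    }

    // Compensating control: accept each ID once and remember it only until its own expiry.
    static String decodeOnce(SecretKey key, String id, Instant now) {
        Map.Entry<String, Instant> t = decode(key, id, now);
        SEEN.values().removeIf(exp -> !exp.isAfter(now)); // evict IDs that can no longer decode
        return t != null && SEEN.putIfAbsent(id, t.getValue()) == null ? t.getKey() : null;
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey(); // provider-default key size
        Instant now = Instant.now();
        String id = seal(key, "https://app.example.org/", now.plusSeconds(15)); // constructed sample
        System.out.println("stateless x2: " + decode(key, id, now) + " / " + decode(key, id, now));
        System.out.println("past expiry:  " + decode(key, id, now.plusSeconds(16)));
        System.out.println("guarded x2:   " + decodeOnce(key, id, now) + " / " + decodeOnce(key, id, now));
    }
}
```

In a clustered deployment the guard map would have to be shared between nodes, which reintroduces the backing store that the encoding strategy avoids.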
Since:
3.3.0
  • Field Details

    • SERVICE_TICKET_PREFIX

      public static final String SERVICE_TICKET_PREFIX
      Default service ticket prefix.
      See Also:
      Constant Field Values
    • PROXY_TICKET_PREFIX

      public static final String PROXY_TICKET_PREFIX
      Default proxy ticket prefix.
      See Also:
      Constant Field Values
    • PROXY_GRANTING_TICKET_PREFIX

      public static final String PROXY_GRANTING_TICKET_PREFIX
      Default proxy granting ticket prefix.
      See Also:
      Constant Field Values
    • NOT_USED

      private static final String NOT_USED
      Non-null marker value for unused ServiceTicket#id field and storage context name.
      See Also:
      Constant Field Values
    • log

      private final org.slf4j.Logger log
      Class logger.
    • dataSealer

      @Nonnull private final DataSealer dataSealer
      Data sealer that handles encryption of serialized service ticket data.
    • serviceTicketPrefix

      @NotEmpty private String serviceTicketPrefix
      Service ticket prefix.
    • proxyTicketPrefix

      @NotEmpty private String proxyTicketPrefix
      Proxy ticket prefix.
    • proxyGrantingTicketPrefix

      @NotEmpty private String proxyGrantingTicketPrefix
      Proxy granting ticket prefix.
  • Constructor Details

  • Method Details

    • setServiceTicketPrefix

      public void setServiceTicketPrefix(String prefix)
      Sets the service ticket prefix. Default is ST.
      Parameters:
      prefix - Service ticket prefix.
    • setProxyTicketPrefix

      public void setProxyTicketPrefix(String prefix)
      Sets the proxy ticket prefix. Default is PT.
      Parameters:
      prefix - Proxy ticket prefix.
    • setProxyGrantingTicketPrefix

      public void setProxyGrantingTicketPrefix(String prefix)
      Sets the proxy granting ticket prefix. Default is PGT-E. Note that this MUST be distinct from the proxy granting ticket prefix used for regular proxy-granting ticket identifiers.
      Parameters:
      prefix - Proxy granting ticket prefix.
    • createServiceTicket

      @Nonnull public ServiceTicket createServiceTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull String service, @Nullable TicketState state, boolean renew)
      Description copied from interface: TicketService
      Creates and stores a ticket for the given service.
      Parameters:
      id - ID of ticket to create.
      expiry - Expiration date of service ticket.
      service - Service for which ticket is granted.
      state - Additional state to be stored with the ticket.
      renew - True to indicate the ticket was generated in response to a forced authentication, false otherwise.
      Returns:
      Created service ticket.
    • removeServiceTicket

      @Nullable public ServiceTicket removeServiceTicket(@Nonnull String id)
      Description copied from interface: TicketService
      Removes the service ticket with the given identifier.
      Parameters:
      id - Identifier of ticket to remove.
      Returns:
      Removed ticket or null if not found.
    • createProxyTicket

      @Nonnull public ProxyTicket createProxyTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ProxyGrantingTicket pgt, @Nonnull String service)
      Description copied from interface: TicketService
      Creates and stores a proxy ticket for the given service.
      Parameters:
      id - ID of proxy ticket to create.
      expiry - Expiration date of proxy ticket.
      pgt - Proxy-granting ticket used to create proxy ticket.
      service - Service for which ticket is granted.
      Returns:
      Created proxy ticket.
    • removeProxyTicket

      @Nullable public ProxyTicket removeProxyTicket(@Nonnull String id)
      Description copied from interface: TicketService
      Removes the proxy ticket with the given identifier.
      Parameters:
      id - Identifier of ticket to remove.
      Returns:
      Removed ticket or null if not found.
    • createProxyGrantingTicket

      @Nullable public ProxyGrantingTicket createProxyGrantingTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ServiceTicket serviceTicket)
      Description copied from interface: TicketService
      Creates a top-level proxy-granting ticket from a service ticket.
      Specified by:
      createProxyGrantingTicket in interface TicketService
      Overrides:
      createProxyGrantingTicket in class AbstractTicketService
      Parameters:
      id - ID of proxy-granting ticket to create.
      expiry - Expiration date of proxy-granting ticket.
      serviceTicket - Successfully-validated service ticket.
      Returns:
      Created proxy-granting ticket.
    • fetchProxyGrantingTicket

      @Nullable public ProxyGrantingTicket fetchProxyGrantingTicket(@Nonnull String id)
      Description copied from interface: TicketService
      Retrieves a proxy-granting ticket by its ID.
      Specified by:
      fetchProxyGrantingTicket in interface TicketService
      Overrides:
      fetchProxyGrantingTicket in class AbstractTicketService
      Parameters:
      id - Proxy-granting ticket ID.
      Returns:
      Proxy-granting ticket or null if not found.
    • removeProxyGrantingTicket

      @Nullable public ProxyGrantingTicket removeProxyGrantingTicket(@Nonnull String id)
      Description copied from interface: TicketService
      Removes the proxy-granting ticket with the given identifier.
      Specified by:
      removeProxyGrantingTicket in interface TicketService
      Overrides:
      removeProxyGrantingTicket in class AbstractTicketService
      Parameters:
      id - Identifier of ticket to remove.
      Returns:
      Removed ticket or null if not found.
    • encode

      private <T extends Ticket> T encode(Class<T> ticketClass, T ticket, String prefix)
      Encode a ticket.
      Type Parameters:
      T - type of ticket
      Parameters:
      ticketClass - class of ticket
      ticket - ticket
      prefix - ticket ID prefix
      Returns:
      encoded ticket
    • decode

      private <T extends Ticket> T decode(Class<T> ticketClass, String id, String prefix)
      Decode a ticket.
      Type Parameters:
      T - type of ticket
      Parameters:
      ticketClass - class of ticket
      id - ticket ID
      prefix - ticket ID prefix
      Returns:
      decoded ticket