Class EncodingTicketService
java.lang.Object
net.shibboleth.idp.cas.ticket.impl.AbstractTicketService
net.shibboleth.idp.cas.ticket.impl.EncodingTicketService
- All Implemented Interfaces:
TicketService
Ticket service that uses two different strategies for ticket persistence:
- Service tickets, proxy tickets, and root proxy-granting tickets are persisted by serializing
ticket data and encrypting it into the opaque part of the ticket ID using a
DataSealer. - Chained proxy-granting tickets are persisted using a
StorageService.
NOTE: The service tickets, proxy tickets, and root proxy-granting tickets produced by
this component do not support one-time use. More precisely, removeServiceTicket(String) and
removeProxyTicket(String) simply return a decoded ticket and do not invalidate the ticket in any way.
Since there is no backing store for those types of tickets, they can be reused until one of the following
conditions is met:
- The value of
Ticket.getExpirationInstant()is exceeded. - The
DataSealerkey used to encrypt data is revoked.
- Since:
- 3.3.0
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final DataSealerData sealer that handles encryption of serialized service ticket data.private final org.slf4j.LoggerClass logger.private static final StringNon-null marker value for unused ServiceTicket#id field and storage context name.static final StringDefault proxy granting ticket prefix.static final StringDefault proxy ticket prefix.private StringProxy granting ticket prefix.private StringProxy ticket prefix.static final StringDefault service ticket prefix.private StringService ticket prefix. -
Constructor Summary
ConstructorsConstructorDescriptionEncodingTicketService(StorageService service, DataSealer sealer) Creates a new instance. -
Method Summary
Modifier and TypeMethodDescriptioncreateProxyGrantingTicket(String id, Instant expiry, ServiceTicket serviceTicket) Creates a top-level proxy-granting ticket from a service ticket.createProxyTicket(String id, Instant expiry, ProxyGrantingTicket pgt, String service) Creates and stores a proxy ticket for the given service.createServiceTicket(String id, Instant expiry, String service, TicketState state, boolean renew) Creates and stores a ticket for the given service.private <T extends Ticket>
TDecode a ticket.private <T extends Ticket>
TEncode a ticket.Retrieves a proxy-granting ticket by its ID.Removes the proxy-granting ticket with the given identifier.Removes the proxy ticket with the given identifier.Removes the service ticket with the given identifier.voidsetProxyGrantingTicketPrefix(String prefix) Sets the proxy granting ticket prefix.voidsetProxyTicketPrefix(String prefix) Sets the proxy ticket prefix.voidsetServiceTicketPrefix(String prefix) Sets the service ticket prefix.Methods inherited from class net.shibboleth.idp.cas.ticket.impl.AbstractTicketService
context, createProxyGrantingTicket, delete, read, serializer, store
-
Field Details
-
SERVICE_TICKET_PREFIX
Default service ticket prefix.- See Also:
-
PROXY_TICKET_PREFIX
Default proxy ticket prefix.- See Also:
-
PROXY_GRANTING_TICKET_PREFIX
Default proxy granting ticket prefix.- See Also:
-
NOT_USED
Non-null marker value for unused ServiceTicket#id field and storage context name.- See Also:
-
log
private final org.slf4j.Logger logClass logger. -
dataSealer
Data sealer that handles encryption of serialized service ticket data. -
serviceTicketPrefix
Service ticket prefix. -
proxyTicketPrefix
Proxy ticket prefix. -
proxyGrantingTicketPrefix
Proxy granting ticket prefix.
-
-
Constructor Details
-
EncodingTicketService
public EncodingTicketService(@Nonnull @ParameterName(name="service") StorageService service, @Nonnull @ParameterName(name="sealer") DataSealer sealer) Creates a new instance.- Parameters:
service- Storage service to which tickets are persisted.sealer- data sealer
-
-
Method Details
-
setServiceTicketPrefix
Sets the service ticket prefix. Default is ST.- Parameters:
prefix- Service ticket prefix.
-
setProxyTicketPrefix
Sets the proxy ticket prefix. Default is PT.- Parameters:
prefix- Proxy ticket prefix.
-
setProxyGrantingTicketPrefix
Sets the proxy granting ticket prefix. Default is PGT-E. Note that this MUST be distinct from the proxy granting ticket prefix used for regular proxy-granting ticket identifiers.- Parameters:
prefix- Proxy granting ticket prefix.
-
createServiceTicket
@Nonnull public ServiceTicket createServiceTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull String service, @Nullable TicketState state, boolean renew) Description copied from interface:TicketServiceCreates and stores a ticket for the given service.- Parameters:
id- ID of ticket to create.expiry- Expiration date of service ticket.service- Service for which ticket is granted.state- Additional state to be stored with the ticket.renew- True to indicate the ticket was generated in response to a forced authentication, false otherwise.- Returns:
- Created service ticket.
-
removeServiceTicket
Description copied from interface:TicketServiceRemoves the service ticket with the given identifier.- Parameters:
id- Identifier of ticket to remove.- Returns:
- Removed ticket or null if not found.
-
createProxyTicket
@Nonnull public ProxyTicket createProxyTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ProxyGrantingTicket pgt, @Nonnull String service) Description copied from interface:TicketServiceCreates and stores a proxy ticket for the given service.- Parameters:
id- ID of proxy-granting ticket to create.expiry- Expiration date of proxy ticket.pgt- Proxy-granting ticket used to create proxy ticket.service- Service for which ticket is granted.- Returns:
- Created proxy ticket.
-
removeProxyTicket
Description copied from interface:TicketServiceRemoves the proxy ticket with the given identifier.- Parameters:
id- Identifier of ticket to remove.- Returns:
- Removed ticket or null if not found.
-
createProxyGrantingTicket
@Nullable public ProxyGrantingTicket createProxyGrantingTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ServiceTicket serviceTicket) Description copied from interface:TicketServiceCreates a top-level proxy-granting ticket from a service ticket.- Specified by:
createProxyGrantingTicketin interfaceTicketService- Overrides:
createProxyGrantingTicketin classAbstractTicketService- Parameters:
id- ID of proxy-granting ticket to create.expiry- Expiration date of proxy-granting ticket.serviceTicket- Successfully-validated service ticket.- Returns:
- Created proxy-granting ticket.
-
fetchProxyGrantingTicket
Description copied from interface:TicketServiceRetrieves a proxy-granting ticket by its ID.- Specified by:
fetchProxyGrantingTicketin interfaceTicketService- Overrides:
fetchProxyGrantingTicketin classAbstractTicketService- Parameters:
id- Proxy-granting ticket ID.- Returns:
- Proxy-granting ticket or null if not found.
-
removeProxyGrantingTicket
Description copied from interface:TicketServiceRemoves the proxy-granting ticket with the given identifier.- Specified by:
removeProxyGrantingTicketin interfaceTicketService- Overrides:
removeProxyGrantingTicketin classAbstractTicketService- Parameters:
id- Identifier of ticket to remove.- Returns:
- Removed ticket or null if not found.
-
encode
Encode a ticket.- Type Parameters:
T- type of ticket- Parameters:
ticketClass- class of ticketticket- ticketprefix- ticket ID prefix- Returns:
- ticket encoded ticket
-
decode
Decode a ticket.- Type Parameters:
T- type of ticket- Parameters:
ticketClass- class of ticketid- ticket IDprefix- ticket ID prefix- Returns:
- decoded ticket
-