Package net.shibboleth.idp.cas.flow.impl

Class GrantProxyTicketAction

java.lang.Object

net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

org.opensaml.profile.action.AbstractProfileAction

org.opensaml.profile.action.AbstractConditionalProfileAction

net.shibboleth.idp.profile.AbstractProfileAction

net.shibboleth.idp.cas.flow.impl.AbstractCASProtocolAction<ProxyTicketRequest,ProxyTicketResponse>

net.shibboleth.idp.cas.flow.impl.GrantProxyTicketAction

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action

public class GrantProxyTicketAction
extends AbstractCASProtocolAction<ProxyTicketRequest,ProxyTicketResponse>

Generates and stores a CAS protocol proxy ticket. Possible outcomes:

• null on success
• TicketCreationError
• IllegalState

Field Summary

Fields

Modifier and Type	Field	Description
private final TicketService	casTicketService	Manages CAS tickets.
private final ConfigLookupFunction<ProxyConfiguration>	configLookupFunction	Profile configuration lookup function.
private final org.slf4j.Logger	log	Class logger.
private ProxyGrantingTicket	pgt	CAS ticket.
private ProxyConfiguration	proxyConfig	Profile config.
private ProxyTicketRequest	request	CAS request.
private SecurityConfiguration	securityConfig	Security config.
private final SessionResolver	sessionResolver	Looks up IdP sessions.
private Predicate<ProfileRequestContext>	validateIdPSessionPredicate	Whether to resolve and validate IdP session as part of granting a proxy ticket.

Constructor Summary

Constructors

Constructor	Description
GrantProxyTicketAction(TicketService ticketService, SessionResolver resolver)	Constructor.

Method Summary

Modifier and Type	Method	Description
protected void	doExecute(ProfileRequestContext profileRequestContext)
protected boolean	doPreExecute(ProfileRequestContext profileRequestContext)
void	setValidateIdPSessionPredicate(Predicate<ProfileRequestContext> predicate)	Sets the predicate used to determine whether IdP session validation is performed during the process of granting a proxy ticket.

Methods inherited from class net.shibboleth.idp.cas.flow.impl.AbstractCASProtocolAction

getCASRequest, getCASResponse, getCASService, getCASTicket, getProtocolContext, setCASRequest, setCASResponse, setCASService, setCASTicket

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, setHttpServletRequest, setHttpServletRequestSupplier, setHttpServletResponse, setHttpServletResponseSupplier

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

initialize, isInitialized

Field Details

log

@Nonnull
private final org.slf4j.Logger log

Class logger.

configLookupFunction

@Nonnull
private final ConfigLookupFunction<ProxyConfiguration> configLookupFunction

Profile configuration lookup function.

casTicketService

@Nonnull
private final TicketService casTicketService

Manages CAS tickets.

sessionResolver

@Nonnull
private final SessionResolver sessionResolver

Looks up IdP sessions.

validateIdPSessionPredicate

@Nonnull
private Predicate<ProfileRequestContext> validateIdPSessionPredicate

Whether to resolve and validate IdP session as part of granting a proxy ticket.

proxyConfig

@Nullable
private ProxyConfiguration proxyConfig

Profile config.

securityConfig

@Nullable
private SecurityConfiguration securityConfig

Security config.

pgt

@Nullable
private ProxyGrantingTicket pgt

CAS ticket.

request

@Nullable
private ProxyTicketRequest request

CAS request.

Constructor Details

GrantProxyTicketAction

public GrantProxyTicketAction(@Nonnull
 TicketService ticketService,
 @Nonnull
 SessionResolver resolver)

Constructor.

Parameters:

ticketService - Ticket service component.

resolver - session resolver

Method Details

setValidateIdPSessionPredicate

public void setValidateIdPSessionPredicate(@Nonnull
 Predicate<ProfileRequestContext> predicate)

Sets the predicate used to determine whether IdP session validation is performed during the process of granting a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that evaluates to true under any condition, a server-side storage service must be enabled for IdP session storage.

Parameters:

predicate - Session validation predicate. Default is Predicates.alwaysFalse().

doPreExecute

protected boolean doPreExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doPreExecute in class AbstractConditionalProfileAction

doExecute

protected void doExecute(@Nonnull
 ProfileRequestContext profileRequestContext)

Overrides:

doExecute in class AbstractProfileAction