|
| 1 | +/* |
| 2 | + * Copyright 2004, 2005, 2006 Acegi Technology Pty Limited |
| 3 | + * |
| 4 | + * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | + * you may not use this file except in compliance with the License. |
| 6 | + * You may obtain a copy of the License at |
| 7 | + * |
| 8 | + * https://www.apache.org/licenses/LICENSE-2.0 |
| 9 | + * |
| 10 | + * Unless required by applicable law or agreed to in writing, software |
| 11 | + * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | + * See the License for the specific language governing permissions and |
| 14 | + * limitations under the License. |
| 15 | + */ |
| 16 | + |
| 17 | +package org.springframework.security.cas; |
| 18 | + |
| 19 | +import org.springframework.beans.factory.InitializingBean; |
| 20 | +import org.springframework.util.Assert; |
| 21 | + |
| 22 | +/** |
| 23 | + * Stores properties related to this CAS service. |
| 24 | + * <p> |
| 25 | + * Each web application capable of processing CAS tickets is known as a service. This |
| 26 | + * class stores the properties that are relevant to the local CAS service, being the |
| 27 | + * application that is being secured by Spring Security. |
| 28 | + * |
| 29 | + * @author Ben Alex |
| 30 | + */ |
| 31 | +public class ServiceProperties implements InitializingBean { |
| 32 | + |
| 33 | + public static final String DEFAULT_CAS_ARTIFACT_PARAMETER = "ticket"; |
| 34 | + |
| 35 | + public static final String DEFAULT_CAS_SERVICE_PARAMETER = "service"; |
| 36 | + |
| 37 | + private String service; |
| 38 | + |
| 39 | + private boolean authenticateAllArtifacts; |
| 40 | + |
| 41 | + private boolean sendRenew = false; |
| 42 | + |
| 43 | + private String artifactParameter = DEFAULT_CAS_ARTIFACT_PARAMETER; |
| 44 | + |
| 45 | + private String serviceParameter = DEFAULT_CAS_SERVICE_PARAMETER; |
| 46 | + |
| 47 | + @Override |
| 48 | + public void afterPropertiesSet() { |
| 49 | + Assert.hasLength(this.service, "service cannot be empty."); |
| 50 | + Assert.hasLength(this.artifactParameter, "artifactParameter cannot be empty."); |
| 51 | + Assert.hasLength(this.serviceParameter, "serviceParameter cannot be empty."); |
| 52 | + } |
| 53 | + |
| 54 | + /** |
| 55 | + * Represents the service the user is authenticating to. |
| 56 | + * <p> |
| 57 | + * This service is the callback URL belonging to the local Spring Security System for |
| 58 | + * Spring secured application. For example, |
| 59 | + * |
| 60 | + * <pre> |
| 61 | + * https://www.mycompany.com/application/login/cas |
| 62 | + * </pre> |
| 63 | + * @return the URL of the service the user is authenticating to |
| 64 | + */ |
| 65 | + public final String getService() { |
| 66 | + return this.service; |
| 67 | + } |
| 68 | + |
| 69 | + /** |
| 70 | + * Indicates whether the <code>renew</code> parameter should be sent to the CAS login |
| 71 | + * URL and CAS validation URL. |
| 72 | + * <p> |
| 73 | + * If <code>true</code>, it will force CAS to authenticate the user again (even if the |
| 74 | + * user has previously authenticated). During ticket validation it will require the |
| 75 | + * ticket was generated as a consequence of an explicit login. High security |
| 76 | + * applications would probably set this to <code>true</code>. Defaults to |
| 77 | + * <code>false</code>, providing automated single sign on. |
| 78 | + * @return whether to send the <code>renew</code> parameter to CAS |
| 79 | + */ |
| 80 | + public final boolean isSendRenew() { |
| 81 | + return this.sendRenew; |
| 82 | + } |
| 83 | + |
| 84 | + public final void setSendRenew(final boolean sendRenew) { |
| 85 | + this.sendRenew = sendRenew; |
| 86 | + } |
| 87 | + |
| 88 | + public final void setService(final String service) { |
| 89 | + this.service = service; |
| 90 | + } |
| 91 | + |
| 92 | + public final String getArtifactParameter() { |
| 93 | + return this.artifactParameter; |
| 94 | + } |
| 95 | + |
| 96 | + /** |
| 97 | + * Configures the Request Parameter to look for when attempting to see if a CAS ticket |
| 98 | + * was sent from the server. |
| 99 | + * @param artifactParameter the id to use. Default is "ticket". |
| 100 | + */ |
| 101 | + public final void setArtifactParameter(final String artifactParameter) { |
| 102 | + this.artifactParameter = artifactParameter; |
| 103 | + } |
| 104 | + |
| 105 | + /** |
| 106 | + * Configures the Request parameter to look for when attempting to send a request to |
| 107 | + * CAS. |
| 108 | + * @return the service parameter to use. Default is "service". |
| 109 | + */ |
| 110 | + public final String getServiceParameter() { |
| 111 | + return this.serviceParameter; |
| 112 | + } |
| 113 | + |
| 114 | + public final void setServiceParameter(final String serviceParameter) { |
| 115 | + this.serviceParameter = serviceParameter; |
| 116 | + } |
| 117 | + |
| 118 | + public final boolean isAuthenticateAllArtifacts() { |
| 119 | + return this.authenticateAllArtifacts; |
| 120 | + } |
| 121 | + |
| 122 | + /** |
| 123 | + * If true, then any non-null artifact (ticket) should be authenticated. Additionally, |
| 124 | + * the service will be determined dynamically in order to ensure the service matches |
| 125 | + * the expected value for this artifact. |
| 126 | + * @param authenticateAllArtifacts |
| 127 | + */ |
| 128 | + public final void setAuthenticateAllArtifacts(final boolean authenticateAllArtifacts) { |
| 129 | + this.authenticateAllArtifacts = authenticateAllArtifacts; |
| 130 | + } |
| 131 | + |
| 132 | +} |
0 commit comments