Class EncodingTicketService
- java.lang.Object
  - net.shibboleth.idp.cas.ticket.impl.AbstractTicketService
    - net.shibboleth.idp.cas.ticket.impl.EncodingTicketService

All Implemented Interfaces:
TicketService

public class EncodingTicketService extends AbstractTicketService
Ticket service that uses two different strategies for ticket persistence:
- Service tickets, proxy tickets, and root proxy-granting tickets are persisted by serializing ticket data and encrypting it into the opaque part of the ticket ID using a DataSealer.
- Chained proxy-granting tickets are persisted using a StorageService.

NOTE: The service tickets, proxy tickets, and root proxy-granting tickets produced by this component do not support one-time use. More precisely, removeServiceTicket(String) and removeProxyTicket(String) simply return a decoded ticket and do not invalidate the ticket in any way. Since there is no backing store for those types of tickets, they can be reused until one of the following conditions is met:
- The value of Ticket.getExpirationInstant() is exceeded.
- The DataSealer key used to encrypt data is revoked.
Since:
3.3.0
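The reuse behaviour described in the NOTE above, as an added illustration that is not Shibboleth code: AES-GCM stands in for DataSealer, and the class name, the `expiry|service` payload layout and the `-` separator after the `ST` prefix are assumptions made for the example. The same ticket ID decodes on every presentation until its expiry passes or the sealing key is replaced.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Instant;
import java.util.Base64;

// Added illustration; AES-GCM is a stand-in for DataSealer, not the project's code.
public class SealedTicketDemo {
    static final String PREFIX = "ST";  // default service ticket prefix named on the page

    // Seal "expiryEpochMillis|service" (assumed layout) into the opaque part of the ID.
    static String encode(SecretKey key, Instant expiry, String service) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal((expiry.toEpochMilli() + "|" + service).getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return PREFIX + "-" + Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Mirrors the documented "remove" semantics: decode only, nothing is invalidated.
    // Returns the service, or null when the ticket has expired or the key does not match.
    static String remove(SecretKey key, String id, Instant now) {
        try {
            byte[] raw = Base64.getUrlDecoder().decode(id.substring(PREFIX.length() + 1));
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
            String[] f = new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8).split("\\|", 2);
            return now.isAfter(Instant.ofEpochMilli(Long.parseLong(f[0]))) ? null : f[1];
        } catch (Exception e) {
            return null;  // authentication tag mismatch: altered ticket or different key
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Instant now = Instant.now();
        String id = encode(key, now.plusSeconds(15), "https://app.example.org/");  // constructed sample
        System.out.println("first use:    " + remove(key, id, now));
        System.out.println("second use:   " + remove(key, id, now));  // same ID presented again
        System.out.println("after expiry: " + remove(key, id, now.plusSeconds(16)));
        System.out.println("replaced key: " + remove(kg.generateKey(), id, now));
    }
}
```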
Field Summary
Fields

| Modifier and Type | Field | Description |
| --- | --- | --- |
| private DataSealer | dataSealer | Data sealer that handles encryption of serialized service ticket data. |
| private org.slf4j.Logger | log | Class logger. |
| private static String | NOT_USED | Non-null marker value for unused ServiceTicket#id field and storage context name. |
| static String | PROXY_GRANTING_TICKET_PREFIX | Default proxy granting ticket prefix. |
| static String | PROXY_TICKET_PREFIX | Default proxy ticket prefix. |
| private String | proxyGrantingTicketPrefix | Proxy granting ticket prefix. |
| private String | proxyTicketPrefix | Proxy ticket prefix. |
| static String | SERVICE_TICKET_PREFIX | Default service ticket prefix. |
| private String | serviceTicketPrefix | Service ticket prefix. |
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| EncodingTicketService(StorageService service, DataSealer sealer) | Creates a new instance. |
Method Summary
Methods inherited from class net.shibboleth.idp.cas.ticket.impl.AbstractTicketService
context, createProxyGrantingTicket, delete, read, serializer, store
Field Detail
SERVICE_TICKET_PREFIX
public static final String SERVICE_TICKET_PREFIX
Default service ticket prefix.
See Also:
- Constant Field Values

PROXY_TICKET_PREFIX
public static final String PROXY_TICKET_PREFIX
Default proxy ticket prefix.
See Also:
- Constant Field Values

PROXY_GRANTING_TICKET_PREFIX
public static final String PROXY_GRANTING_TICKET_PREFIX
Default proxy granting ticket prefix.
See Also:
- Constant Field Values

NOT_USED
private static final String NOT_USED
Non-null marker value for unused ServiceTicket#id field and storage context name.
See Also:
- Constant Field Values

log
private final org.slf4j.Logger log
Class logger.

dataSealer
@Nonnull private final DataSealer dataSealer
Data sealer that handles encryption of serialized service ticket data.
Constructor Detail
EncodingTicketService
public EncodingTicketService(@Nonnull @ParameterName(name="service") StorageService service, @Nonnull @ParameterName(name="sealer") DataSealer sealer)
Creates a new instance.
Parameters:
- service - Storage service to which tickets are persisted.
- sealer - data sealer
Method Detail
setServiceTicketPrefix
public void setServiceTicketPrefix(String prefix)
Sets the service ticket prefix. Default is ST.
Parameters:
- prefix - Service ticket prefix.

setProxyTicketPrefix
public void setProxyTicketPrefix(String prefix)
Sets the proxy ticket prefix. Default is PT.
Parameters:
- prefix - Proxy ticket prefix.

setProxyGrantingTicketPrefix
public void setProxyGrantingTicketPrefix(String prefix)
Sets the proxy granting ticket prefix. Default is PGT-E. Note that this MUST be distinct from the proxy granting ticket prefix used for regular proxy-granting ticket identifiers.
Parameters:
- prefix - Proxy granting ticket prefix.

createServiceTicket
@Nonnull public ServiceTicket createServiceTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull String service, @Nullable TicketState state, boolean renew)

removeServiceTicket
@Nullable public ServiceTicket removeServiceTicket(@Nonnull String id)

createProxyTicket
@Nonnull public ProxyTicket createProxyTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ProxyGrantingTicket pgt, @Nonnull String service)

removeProxyTicket
@Nullable public ProxyTicket removeProxyTicket(@Nonnull String id)

createProxyGrantingTicket
@Nullable public ProxyGrantingTicket createProxyGrantingTicket(@Nonnull String id, @Nonnull Instant expiry, @Nonnull ServiceTicket serviceTicket)
Specified by:
- createProxyGrantingTicket in interface TicketService
Overrides:
- createProxyGrantingTicket in class AbstractTicketService

fetchProxyGrantingTicket
@Nullable public ProxyGrantingTicket fetchProxyGrantingTicket(@Nonnull String id)
Specified by:
- fetchProxyGrantingTicket in interface TicketService
Overrides:
- fetchProxyGrantingTicket in class AbstractTicketService

removeProxyGrantingTicket
@Nullable public ProxyGrantingTicket removeProxyGrantingTicket(@Nonnull String id)
Specified by:
- removeProxyGrantingTicket in interface TicketService
Overrides:
- removeProxyGrantingTicket in class AbstractTicketService

encode
private <T extends Ticket> T encode(Class<T> ticketClass, T ticket, String prefix)
Encode a ticket.
Type Parameters:
- T - type of ticket
Parameters:
- ticketClass - class of ticket
- ticket - ticket
- prefix - ticket ID prefix
Returns:
- ticket encoded ticket