Package net.shibboleth.idp.cas.flow.impl
Class GrantProxyTicketAction
java.lang.Object
net.shibboleth.shared.component.AbstractInitializableComponent
org.opensaml.profile.action.AbstractProfileAction
org.opensaml.profile.action.AbstractConditionalProfileAction
net.shibboleth.idp.profile.AbstractProfileAction
net.shibboleth.idp.cas.flow.impl.AbstractCASProtocolAction<ProxyTicketRequest,ProxyTicketResponse>
net.shibboleth.idp.cas.flow.impl.GrantProxyTicketAction
- All Implemented Interfaces:
Component,DestructableComponent,InitializableComponent,ProfileAction,Aware,MessageSource,MessageSourceAware,Action
public class GrantProxyTicketAction
extends AbstractCASProtocolAction<ProxyTicketRequest,ProxyTicketResponse>
Generates and stores a CAS protocol proxy ticket. Possible outcomes:
nullon successTicketCreationErrorIllegalState
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate final TicketServiceManages CAS tickets.private final ConfigLookupFunction<ProxyConfiguration>Profile configuration lookup function.private final org.slf4j.LoggerClass logger.private ProxyConfigurationProfile config.private ProxyGrantingTicketCAS ticket.private ProxyTicketRequestCAS request.private SecurityConfigurationSecurity config.private final SessionResolverLooks up IdP sessions.private Predicate<ProfileRequestContext>Whether to resolve and validate IdP session as part of granting a proxy ticket. -
Constructor Summary
ConstructorsConstructorDescriptionGrantProxyTicketAction(TicketService ticketService, SessionResolver resolver) Constructor. -
Method Summary
Modifier and TypeMethodDescriptionprotected voiddoExecute(ProfileRequestContext profileRequestContext) protected booleandoPreExecute(ProfileRequestContext profileRequestContext) private ProxyGrantingTicketNull-safe getter.voidSets the predicate used to determine whether IdP session validation is performed during the process of granting a proxy ticket.Methods inherited from class net.shibboleth.idp.cas.flow.impl.AbstractCASProtocolAction
getCASRequest, getCASResponse, getCASService, getCASTicket, getProtocolContext, setCASRequest, setCASResponse, setCASService, setCASTicketMethods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getBean, getBean, getMessage, getMessage, getMessage, getParameter, getParameter, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategyMethods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationConditionMethods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, ensureHttpServletRequest, ensureHttpServletResponse, execute, getHttpServletRequest, getHttpServletRequestSupplier, getHttpServletResponse, getHttpServletResponseSupplier, getLogPrefix, isPreExecuteCalled, setHttpServletRequestSupplier, setHttpServletResponseSupplierMethods inherited from class net.shibboleth.shared.component.AbstractInitializableComponent
checkComponentActive, checkSetterPreconditions, destroy, doDestroy, doInitialize, ifDestroyedThrowDestroyedComponentException, ifInitializedThrowUnmodifiabledComponentException, ifNotInitializedThrowUninitializedComponentException, initialize, isDestroyed, isInitializedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface net.shibboleth.shared.component.InitializableComponent
initialize, isInitialized
-
Field Details
-
log
@Nonnull private final org.slf4j.Logger logClass logger. -
configLookupFunction
Profile configuration lookup function. -
casTicketService
Manages CAS tickets. -
sessionResolver
Looks up IdP sessions. -
validateIdPSessionPredicate
Whether to resolve and validate IdP session as part of granting a proxy ticket. -
proxyConfig
Profile config. -
securityConfig
Security config. -
proxyGrantingTicket
CAS ticket. -
request
CAS request.
-
-
Constructor Details
-
GrantProxyTicketAction
public GrantProxyTicketAction(@Nonnull TicketService ticketService, @Nonnull SessionResolver resolver) Constructor.- Parameters:
ticketService- Ticket service component.resolver- session resolver
-
-
Method Details
-
setValidateIdPSessionPredicate
Sets the predicate used to determine whether IdP session validation is performed during the process of granting a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that evaluates to true under any condition, a server-side storage service must be enabled for IdP session storage.- Parameters:
predicate- Session validation predicate. Default isPredicateSupport.alwaysFalse().
-
doPreExecute
- Overrides:
doPreExecutein classAbstractConditionalProfileAction
-
getProxyGrantingTicket
Null-safe getter.- Returns:
- the proxyGrantingTicket
-
doExecute
- Overrides:
doExecutein classAbstractProfileAction
-