/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.acegisecurity.providers.cas;

import java.util.List;

/**
 * Decides whether a proxy list presented via CAS is trusted or not.
 *
 * <p>
 * CAS 1.0 allowed services to receive a service ticket and then validate it.
 * CAS 2.0 allows services to receive a service ticket and then validate it
 * with a proxy callback URL. The callback enables the CAS server to
 * authenticate the service. In doing so the service receives a
 * proxy-granting ticket and a proxy-granting ticket IOU. The IOU is just an
 * internal record that a proxy-granting ticket is due to be received via the
 * callback URL.
 * </p>
 *
 * <p>
 * With a proxy-granting ticket, a service can request that the CAS server
 * provide it with a proxy ticket. A proxy ticket is just a service ticket, but
 * the CAS server internally tracks the list (chain) of services used to build
 * the proxy ticket. The proxy ticket is then presented to the target service.
 * </p>
 *
 * <p>
 * If this application is a target service of a proxy ticket, the
 * <code>CasProxyDecider</code> resolves whether or not the proxy list is
 * trusted. Applications should only trust services they allow to impersonate
 * an end user.
 * </p>
 *
 * <p>
 * If this application is a service that should never accept proxy-granting
 * tickets, the implementation should reject tickets that present a proxy list
 * with any members. If the list has no members, it indicates the CAS server
 * directly authenticated the user (i.e. there are no services which proxied
 * the user authentication).
 * </p>
 *
 * @author Ben Alex
 * @version $Id: CasProxyDecider.java 1784 2007-02-24 21:00:24Z luke_t $
 */
public interface CasProxyDecider {
    //~ Methods ========================================================================================================

    /**
     * Decides whether the proxy list is trusted.
     * <p>Must throw a <code>ProxyUntrustedException</code> if the
     * proxy list is untrusted.</p>
     *
     * @param proxyList the list of proxies to be checked.
     *
     * @throws ProxyUntrustedException if any member of the proxy list is not a
     *         service this application allows to impersonate an end user.
     */
    void confirmProxyListTrusted(List proxyList)
        throws ProxyUntrustedException;
}
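As an added example (hypothetical code, not part of Acegi), an implementation of the contract above that trusts a proxy chain only when every member, not just the first, is on an explicit allow-list of service URLs; with an empty allow-list it also serves the "never accept proxy tickets" case. It assumes ProxyUntrustedException has a constructor taking a String message.

```java
package org.acegisecurity.providers.cas;

import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/**
 * Hypothetical CasProxyDecider backed by an allow-list of proxy service URLs.
 * Every link in the proxy chain must match an allowed URL exactly; prefix or
 * pattern matching is deliberately avoided because a lookalike URL would
 * otherwise be able to impersonate the end user.
 */
public class AllowListCasProxyDecider implements CasProxyDecider {
    private final Set allowedProxies;

    /** @param allowedProxies full service URLs trusted to proxy; empty means reject all proxy tickets */
    public AllowListCasProxyDecider(List allowedProxies) {
        this.allowedProxies = new HashSet(allowedProxies == null ? Collections.EMPTY_LIST : allowedProxies);
    }

    public void confirmProxyListTrusted(List proxyList) throws ProxyUntrustedException {
        // An empty chain means the CAS server authenticated the user directly.
        if (proxyList == null || proxyList.isEmpty()) {
            return;
        }

        // With an empty allow-list nothing can match, so any proxied ticket is rejected.
        for (Iterator it = proxyList.iterator(); it.hasNext();) {
            Object proxy = it.next();
            if (!(proxy instanceof String) || !allowedProxies.contains(proxy)) {
                // Assumed constructor: ProxyUntrustedException(String msg)
                throw new ProxyUntrustedException("Proxy '" + proxy + "' is not a trusted service");
            }
        }
    }
}
```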