org.acegisecurity.providers.cas.StatelessTicketCache
/* Copyright 2004 Acegi Technology Pty Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.acegisecurity.providers.cas;
/**
 * Caches CAS service tickets and CAS proxy tickets for stateless connections.
 *
 * <p>
 * When a service ticket or proxy ticket is validated against the CAS server,
 * it cannot be used again. Most types of callers are stateful and are
 * associated with a given <code>HttpSession</code>. This allows the
 * affirmative CAS validation outcome to be stored in the
 * <code>HttpSession</code>, meaning the removal of the ticket from the CAS
 * server is not an issue.
 * </p>
 *
 * <p>
 * Stateless callers, such as remoting protocols, cannot take advantage of
 * <code>HttpSession</code>. If the stateless caller is located a significant
 * network distance from the CAS server, acquiring a fresh service ticket or
 * proxy ticket for each invocation would be expensive.
 * </p>
 *
 * <p>
 * To avoid this issue, stateless callers are expected to obtain a single
 * service ticket or proxy ticket, and then present this same ticket to the
 * Acegi Security System secured application on each occasion. As no
 * <code>HttpSession</code> is available for such callers, the affirmative
 * CAS validation outcome cannot be stored in this location.
 * </p>
 *
 * <p>
 * The <code>StatelessTicketCache</code> enables the service tickets and proxy
 * tickets belonging to stateless callers to be placed in a cache. This
 * in-memory cache stores the <code>CasAuthenticationToken</code>, effectively
 * providing the same capability as an <code>HttpSession</code> with the ticket
 * identifier being the key rather than a session identifier.
 * </p>
 *
 * <p>
 * Implementations should provide a reasonable timeout on stored entries, such
 * that stateless callers are not required to unnecessarily acquire fresh
 * CAS service tickets or proxy tickets.
 * </p>
 *
 * @author Ben Alex
 * @version $Id: StatelessTicketCache.java 1784 2007-02-24 21:00:24Z luke_t $
 */
public interface StatelessTicketCache {
    //~ Methods ================================================================

    /**
     * Retrieves the <code>CasAuthenticationToken</code> associated with the
     * specified ticket.
     *
     * <p>
     * If not found, returns a <code>null</code>
     * <code>CasAuthenticationToken</code>.
     * </p>
     *
     * @param serviceTicket the ticket identifier used as the cache key
     *
     * @return the fully populated authentication token
     */
    CasAuthenticationToken getByTicketId(String serviceTicket);

    /**
     * Adds the specified <code>CasAuthenticationToken</code> to the cache.
     *
     * <p>
     * The {@link CasAuthenticationToken#getCredentials()} method is used to
     * retrieve the service ticket number.
     * </p>
     *
     * @param token to be added to the cache
     */
    void putTicketInCache(CasAuthenticationToken token);

    /**
     * Removes the specified ticket from the cache, as per {@link
     * #removeTicketFromCache(String)}.
     *
     * <p>
     * Implementations should use {@link
     * CasAuthenticationToken#getCredentials()} to obtain the ticket and then
     * delegate to the {@link #removeTicketFromCache(String)} method.
     * </p>
     *
     * @param token to be removed
     */
    void removeTicketFromCache(CasAuthenticationToken token);

    /**
     * Removes the specified ticket from the cache, meaning that future calls
     * will require a new service ticket.
     *
     * <p>
     * This is in case applications wish to provide a session termination
     * capability for their stateless clients.
     * </p>
     *
     * @param serviceTicket to be removed
     */
    void removeTicketFromCache(String serviceTicket);
}
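
A minimal in-memory implementation of this interface with a fixed entry timeout, added here as an illustration; it is not part of the Acegi source. The class name `ExpiringMapTicketCache` is hypothetical, and the code assumes the Acegi CAS classes are on the classpath and that `getCredentials()` carries the ticket identifier, as the Javadoc above states. Because a cached ticket is accepted on every call, the timeout also bounds how long a presented ticket remains usable.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.acegisecurity.providers.cas.CasAuthenticationToken;
import org.acegisecurity.providers.cas.StatelessTicketCache;

/** Added example (hypothetical class): ticket cache whose entries expire after a fixed lifetime. */
public class ExpiringMapTicketCache implements StatelessTicketCache {
    /** A cached token together with the wall-clock time at which it stops being valid. */
    private static final class Entry {
        final CasAuthenticationToken token;
        final long expiresAtMillis;
        Entry(CasAuthenticationToken token, long expiresAtMillis) {
            this.token = token;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final ConcurrentMap<String, Entry> entries = new ConcurrentHashMap<String, Entry>();
    private final long timeToLiveMillis;

    public ExpiringMapTicketCache(long timeToLiveMillis) {
        if (timeToLiveMillis <= 0) throw new IllegalArgumentException("timeToLiveMillis must be positive");
        this.timeToLiveMillis = timeToLiveMillis;
    }

    public CasAuthenticationToken getByTicketId(String serviceTicket) {
        Entry entry = (serviceTicket == null) ? null : entries.get(serviceTicket);
        if (entry == null) return null;
        if (System.currentTimeMillis() >= entry.expiresAtMillis) {
            // Expired: evict only this exact entry so a concurrent re-put is not lost,
            // and report a miss so the caller has to obtain a fresh ticket.
            entries.remove(serviceTicket, entry);
            return null;
        }
        return entry.token;
    }

    public void putTicketInCache(CasAuthenticationToken token) {
        // The ticket identifier is the cache key, taken from the token's credentials.
        String ticket = token.getCredentials().toString();
        entries.put(ticket, new Entry(token, System.currentTimeMillis() + timeToLiveMillis));
    }

    public void removeTicketFromCache(CasAuthenticationToken token) {
        removeTicketFromCache(token.getCredentials().toString());
    }

    public void removeTicketFromCache(String serviceTicket) {
        // Session termination for a stateless client: the next call needs a new ticket.
        if (serviceTicket != null) entries.remove(serviceTicket);
    }
}
```

Expired entries are dropped only when they are looked up, so a long-running service would also need a periodic sweep to keep tickets that are never presented again from accumulating.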