org.beangle.security.cas.auth.StatelessTicketCache
/*
* Beangle, Agile Java/Scala Development Scaffold and Toolkit
*
* Copyright (c) 2005-2012, Beangle Software.
*
* Beangle is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Beangle is distributed in the hope that it will be useful.
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Beangle. If not, see .
*/
package org.beangle.security.cas.auth;
/**
 * Caches CAS service tickets and CAS proxy tickets for stateless connections.
 * <p>
 * Once a service ticket or proxy ticket has been validated against the CAS server, it cannot be
 * used again. Most types of callers are stateful and are associated with a given
 * <code>HttpSession</code>. This allows the affirmative CAS validation outcome to be stored in the
 * <code>HttpSession</code>, meaning the removal of the ticket from the CAS server is not an issue.
 * <p>
 * Stateless callers, such as remoting protocols, cannot take advantage of <code>HttpSession</code>.
 * If the stateless caller is located a significant network distance from the CAS server, acquiring
 * a fresh service ticket or proxy ticket for each invocation would be expensive.
 * <p>
 * To avoid this issue, stateless callers are expected to obtain a single service ticket or proxy
 * ticket and then present this same ticket to the Beangle Security secured application on each
 * occasion. As no <code>HttpSession</code> is available for such callers, the affirmative CAS
 * validation outcome cannot be stored in this location.
 * <p>
 * The <code>StatelessTicketCache</code> enables the service tickets and proxy tickets belonging to
 * stateless callers to be placed in a cache. This in-memory cache stores the
 * <code>CasAuthentication</code>, effectively providing the same capability as a
 * <code>HttpSession</code>, with the ticket identifier being the key rather than a session
 * identifier.
 * <p>
 * Implementations should provide a reasonable timeout on stored entries, such that stateless
 * callers are not required to unnecessarily acquire fresh CAS service tickets or proxy tickets.
 *
 * @author chaostone
 */
public interface StatelessTicketCache {
  /**
   * Retrieves the <code>CasAuthentication</code> associated with the specified ticket.
   * <p>
   * If not found, returns a <code>null</code> <code>CasAuthentication</code>.
   *
   * @return the fully populated authentication token
   */
  CasAuthentication get(String serviceTicket);

  /**
   * Adds the specified <code>CasAuthentication</code> to the cache.
   * <p>
   * The {@link CasAuthentication#getCredentials()} method is used to retrieve the service ticket
   * number.
   *
   * @param token
   *          to be added to the cache
   */
  void put(CasAuthentication token);

  /**
   * Removes the specified ticket from the cache, as per {@link #remove(String)}.
   * <p>
   * Implementations should use {@link CasAuthentication#getCredentials()} to obtain the ticket and
   * then delegate to the {@link #remove(String)} method.
   *
   * @param token
   *          to be removed
   */
  void remove(CasAuthentication token);

  /**
   * Removes the specified ticket from the cache, meaning that future calls
   * will require a new service ticket.
   * <p>
   * This is in case applications wish to provide a session termination capability for their
   * stateless clients.
   *
   * @param serviceTicket
   *          to be removed
   */
  void remove(String serviceTicket);
}
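
An added example, not Beangle's own code: one way to implement this interface with the entry timeout the Javadoc asks for, enforcing an absolute expiry on every read so a cached ticket stops being honoured after a fixed lifetime. The class name `ExpiringTicketCache`, the `ttlMillis` parameter, and the assumption that `getCredentials()` returns a value whose string form is the ticket are hypothetical.

```java
package org.beangle.security.cas.auth;

import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

/** Added example (hypothetical class): in-memory cache with a fixed per-entry lifetime. */
public class ExpiringTicketCache implements StatelessTicketCache {

  /** A cached authentication and the time (epoch ms) after which it must be rejected. */
  private static final class Entry {
    final CasAuthentication auth;
    final long expiresAt;
    Entry(CasAuthentication auth, long expiresAt) { this.auth = auth; this.expiresAt = expiresAt; }
  }

  private final ConcurrentMap<String, Entry> entries = new ConcurrentHashMap<String, Entry>();
  private final long ttlMillis;

  public ExpiringTicketCache(long ttlMillis) {
    if (ttlMillis <= 0) throw new IllegalArgumentException("ttlMillis must be positive");
    this.ttlMillis = ttlMillis;
  }

  public CasAuthentication get(String serviceTicket) {
    if (serviceTicket == null) return null;
    Entry e = entries.get(serviceTicket);
    if (e == null) return null;
    if (System.currentTimeMillis() >= e.expiresAt) {
      // Expired: evict exactly this entry so the caller must obtain a fresh ticket.
      entries.remove(serviceTicket, e);
      return null;
    }
    return e.auth;
  }

  public void put(CasAuthentication token) {
    // Expiry is absolute from insertion; reads never extend a ticket's lifetime.
    entries.put(ticketOf(token), new Entry(token, System.currentTimeMillis() + ttlMillis));
  }

  public void remove(CasAuthentication token) { remove(ticketOf(token)); }

  public void remove(String serviceTicket) {
    if (serviceTicket != null) entries.remove(serviceTicket);
  }

  // Assumption: the string form of getCredentials() is the service or proxy ticket.
  private static String ticketOf(CasAuthentication token) {
    return String.valueOf(token.getCredentials());
  }
}
```

Entries that are never read again are only evicted by `remove`, so a long-running deployment would pair this with a periodic sweep or a size bound.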