org.beangle.security.cas.auth.StatelessTicketCache Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of beangle-security-web Show documentation
There is a newer version: 4.0.7
/*
 * Beangle, Agile Java/Scala Development Scaffold and Toolkit
 *
 * Copyright (c) 2005-2013, Beangle Software.
 *
 * Beangle is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * Beangle is distributed in the hope that it will be useful.
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public License
 * along with Beangle.  If not, see .
 */
package org.beangle.security.cas.auth;

/**
 * Caches CAS service tickets and CAS proxy tickets for stateless connections.
 * 
 * When a service ticket or proxy ticket is validated against the CAS server, it is unable to be
 * used again. Most types of callers are stateful and are associated with a given
 * HttpSession. This allows the affirmative CAS validation outcome to be stored in the
 * HttpSession, meaning the removal of the ticket from the CAS server is not an issue.
 * 
 * 
 * Stateless callers, such as remoting protocols, cannot take advantage of HttpSession.
 * If the stateless caller is located a significant network distance from the CAS server, acquiring
 * a fresh service ticket or proxy ticket for each invocation would be expensive.
 * 
 * 
 * To avoid this issue with stateless callers, it is expected stateless callers will obtain a single
 * service ticket or proxy ticket, and then present this same ticket to the Beangle Security secured
 * application on each occasion. As no HttpSession is available for such callers, the
 * affirmative CAS validation outcome cannot be stored in this location.
 * 
 * 
 * The StatelessTicketCache enables the service tickets and proxy tickets belonging to
 * stateless callers to be placed in a cache. This in-memory cache stores the
 * CasAuthentication, effectively providing the same capability as a
 * HttpSession with the ticket identifier being the key rather than a session
 * identifier.
 * 
 * 
 * Implementations should provide a reasonable timeout on stored entries, such that the stateless
 * caller are not required to unnecessarily acquire fresh CAS service tickets or proxy tickets.
 * 
 * 
 * @author chaostone
 */
public interface StatelessTicketCache {

  /**
   * Retrieves the CasAuthentication associated with the
   * specified ticket.
   * 
   * If not found, returns a nullCasAuthentication.
   * 
   * 
   * @return the fully populated authentication token
   */
  CasAuthentication get(String serviceTicket);

  /**
   * Adds the specified CasAuthentication to the cache.
   * 
   * The {@link CasAuthentication#getCredentials()} method is used to retrieve the service ticket
   * number.
   * 
   * 
   * @param token
   *          to be added to the cache
   */
  void put(CasAuthentication token);

  /**
   * Removes the specified ticket from the cache, as per {@link #remove(String)}.
   * 
   * Implementations should use {@link CasAuthentication#getCredentials()} to obtain the ticket and
   * then delegate to to the {@link #remove(String)} method.
   * 
   * 
   * @param token
   *          to be removed
   */
  void remove(CasAuthentication token);

  /**
   * Removes the specified ticket from the cache, meaning that future calls
   * will require a new service ticket.
   * 
   * This is in case applications wish to provide a session termination capability for their
   * stateless clients.
   * 
   * 
   * @param serviceTicket
   *          to be removed
   */
  void remove(String serviceTicket);
}