Interface SurrogateAuthenticationService

  • Functional Interface:
    This is a functional interface and can therefore be used as the assignment target for a lambda expression or method reference.

    @FunctionalInterface
    public interface SurrogateAuthenticationService
    Defines operations that determine whether one user can substitute for another during authentication.
    Since:
    5.1.0
    • Method Summary

      Modifier and Type Method Description
      default boolean canImpersonate(java.lang.String surrogate, org.apereo.cas.authentication.principal.Principal principal, java.util.Optional<org.apereo.cas.authentication.principal.Service> service)
      Checks whether a principal can authenticate as a surrogate user.
      java.util.Collection<java.lang.String> getImpersonationAccounts(java.lang.String username)
      Gets a collection of account names a surrogate can authenticate as.
      default boolean isWildcardedAccount(java.lang.String surrogate, org.apereo.cas.authentication.principal.Principal principal)
      Checks whether the wildcarded account is authorized.
      default boolean isWildcardedAccount(java.util.Collection<java.lang.String> accounts)
      Checks whether the wildcarded account is accepted and found in the given accounts.
    • Field Detail

      • WILDCARD_ACCOUNT

        static final java.lang.String WILDCARD_ACCOUNT
        An authorized account may be tagged as a wildcard, meaning that the account has special permissions to impersonate anyone.
      • AUTHENTICATION_ATTR_SURROGATE_USER

        static final java.lang.String AUTHENTICATION_ATTR_SURROGATE_USER
        Surrogate username attribute in the authentication payload.
      • AUTHENTICATION_ATTR_SURROGATE_PRINCIPAL

        static final java.lang.String AUTHENTICATION_ATTR_SURROGATE_PRINCIPAL
        Original credential attribute in the authentication payload.
      • AUTHENTICATION_ATTR_SURROGATE_ENABLED

        static final java.lang.String AUTHENTICATION_ATTR_SURROGATE_ENABLED
        Indicates that surrogate authentication is enabled and activated.
    • Method Detail

      • canImpersonate

        default boolean canImpersonate(java.lang.String surrogate,
                                       org.apereo.cas.authentication.principal.Principal principal,
                                       java.util.Optional<org.apereo.cas.authentication.principal.Service> service)
        Checks whether a principal can authenticate as a surrogate user.
        Parameters:
        surrogate - The username of the surrogate
        principal - the principal
        service - the service
        Returns:
        true if the given surrogate can authenticate as the user
      • getImpersonationAccounts

        java.util.Collection<java.lang.String> getImpersonationAccounts(java.lang.String username)
        Gets a collection of account names a surrogate can authenticate as.
        Parameters:
        username - The username of the surrogate
        Returns:
        collection of usernames
      • isWildcardedAccount

        default boolean isWildcardedAccount(java.lang.String surrogate,
                                            org.apereo.cas.authentication.principal.Principal principal)
        Checks whether the wildcarded account is authorized.
        Parameters:
        surrogate - the surrogate
        principal - the principal
        Returns:
        true/false
      • isWildcardedAccount

        default boolean isWildcardedAccount(java.util.Collection<java.lang.String> accounts)
        Checks whether the wildcarded account is accepted and found in the given accounts.
        Parameters:
        accounts - the accounts
        Returns:
        true/false