...
| Code Block | ||
|---|---|---|
| ||
public interface ServiceTicket extends Ticket {
/**
* Get the Target to which this ServiceTicket is intended to authenticate the
* chain of Principals represented by the grantor of this ticket.
*/
String getTarget();
/**
* True if this ServiceTicket was created in the same transaction that created the granting ticket.
* False otherwise.
* This is how we implement the CAS 'renew' behavior -- ServiceTickets created simultaneous with
* their GrantingTicket may succeed on validation with renew=true, but if this value is false
* then validation with renew=true must fail.
*/
boolean createdInTxnThatCreatedGrantor();
}
|
Why is the return value for getTarget() a String? Because it is an arbitrary identifer. By convention it is a URL – and its being a URL has special meaning in the case of applications redirecting to CAS to obtain a ServiceTicket – but there is no requirement that the target be a URL. The Target represents an opportunity for the Principal owning the GrantingTicket requesting this ServiceTicket to ensure that the ServiceTicket that it obtains can only be used to authenticate to the Target it intends.
...