...
Tickets have two properties. They have a "grantor" property, which is either null or the GrantingTicket that granted them. They also have a String identifier that uniquely identifies the ticket within a large namespace. Part of the identifier is drawn uniformly at random from a large space. This is key to CAS's security.
```java
public interface Ticket {
    /**
     * Get a String uniquely identifying this Ticket within this instance of CAS Server.
     * The id must contain a substring that is drawn uniformly at random from a large space --
     * this is vital to the security of a CAS implementation.
     */
    public String getId();

    /**
     * Get the GrantingTicket from which this Ticket was generated.
     * Returns null in the case where this Ticket was not created from a GrantingTicket.
     */
    public GrantingTicket getGrantor();
}
```
GrantingTickets add to Ticket an additional property: the immediate authenticated Principal to which the GrantingTicket was issued. This might be a user Principal, in the case of the GrantingTicket that is stored into a secure cookie in a user's web browser, or this might be a service Principal, in the case of a GrantingTicket that was issued by secure callback to an application or to an otherwise authenticated application out there on the Internet.
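The following added example (not code from the CAS project) implements the Ticket and GrantingTicket contracts described above, with the random part of the id drawn from `SecureRandom` and a grantor chain walked from a proxy-style GrantingTicket back to the user's. The `getPrincipal()` accessor, the String principal type, the `TGT` prefix, the id layout and the 32-byte random length are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicLong;

public class TicketIdDemo {
    // Contracts restated from the page; getPrincipal() is an assumed accessor name.
    interface Ticket { String getId(); GrantingTicket getGrantor(); }
    interface GrantingTicket extends Ticket { String getPrincipal(); }

    // SecureRandom rather than java.util.Random: the latter's future output
    // can be predicted from earlier outputs, which would make ids guessable.
    private static final SecureRandom RNG = new SecureRandom();
    private static final AtomicLong SEQ = new AtomicLong();
    private static final int RANDOM_BYTES = 32; // assumed length: 256 bits

    /** Id = prefix + sequence number (uniqueness) + random part (unguessability). */
    static String newId(String prefix) {
        byte[] buf = new byte[RANDOM_BYTES];
        RNG.nextBytes(buf);
        return prefix + "-" + SEQ.incrementAndGet() + "-"
                + Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    static class SimpleGrantingTicket implements GrantingTicket {
        private final String id = newId("TGT"); // "TGT" prefix is illustrative
        private final GrantingTicket grantor;   // null when not granted by another ticket
        private final String principal;         // user or service the ticket was issued to

        SimpleGrantingTicket(GrantingTicket grantor, String principal) {
            this.grantor = grantor;
            this.principal = principal;
        }
        public String getId() { return id; }
        public GrantingTicket getGrantor() { return grantor; }
        public String getPrincipal() { return principal; }
    }

    public static void main(String[] args) {
        // Constructed sample principals: a user, then a service reached by callback.
        GrantingTicket user = new SimpleGrantingTicket(null, "alice");
        GrantingTicket service =
                new SimpleGrantingTicket(user, "https://app.example.org/callback");
        // Walk the grantor chain from the service's ticket back to the user's.
        for (GrantingTicket t = service; t != null; t = t.getGrantor()) {
            System.out.println(t.getId() + " issued to " + t.getPrincipal());
        }
    }
}
```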
...