Versions Compared

Old Version 11

changes.mady.by.user Andrew Petro

Saved on

compared with

New Version Current

changes.mady.by.user Andrew Petro

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

This page is a place to evolve a CAS 3 domain model for tickets.

Note
titleLegacy page

The content in this page is outdated. See instead Ticket module.

Discussion

The question we're asking is, "What's the proper relationship, in a class hierarchy used by CAS server implementation, between service tickets and proxy tickets?"

Code snippets

Code Block
titleTicket

public Interface Ticket {

   /**
    * Get the Date at which this Ticket was created.
    */
    public Date getTimestamp();


   /**
    * Returns true if this ticektticket asis valid, false otherwise.
    */
    public boolean isValid();

}
Code Block
titleTicketGrantingTicket

public Interface TicketGrantingTicket 
    extends Ticket {

   /**
    * Get the Principal which owns this TicketGrantingTicket and may exercise it
    * to obtain a TargettedTicket for authentication to a particular URL. 
    * For instance, in the case of a SSOTicket this Principal is the end user who authenticated
    * to CAS by presentation of Primary Credentials.
    * In the case of a ProxyGrantingTicket, this is the URL to which the PGT was vended.
    */
    public Principal getPrincipal();


   /**
    * Derive from this TicketGrantingTicket a TargettedTicket for use in authenticating
    * to some particular target.
    */
    public TargettedTicket deriveTicket(URL target);

}
Panel
titleSSOTicket

Single Sign On tickets are tickets representing a particular user's single sign on session with CAS. They are TicketGrantingTickets but they are not DerivedTickets because their origin is not from another CAS ticket. They are not derived from another of the CAS 3 Ticket Domain Model tickets. Rather, they are derived from something external to the ticket domain model: the presentation and authentication of primary credentials.

Code Block
titleSSOTicket code sketch

public Class SSOTicket implements TicketGrantingTicket {

    private final Date whenCreated = new Date();

    private final Principal authenticatedUser;

    private final ExpirationPolicy expPolicy;

    private final ExpirationPolicyFactory expPolicyFactory;


    public SSOTicket(Principal authenticatedUser, 
        ExpirationPolicy expPolicy, 
        ExpirationPolicyFactory expPolicyFactory) {
       this.authenticatedUser = authenticatedUser;
       this.expPolicy = expPolicy;
       this.expPolicyFactory = expPolicyFactory;
    }

    public Principal getUser() {
       return this.authenticatedUser;
    }

    public boolean isValid() {
         return this.expPolicy.isValid();
    }

    public void expire() {
        this.expPolicy.expire();
    }

    public TargettedTicket deriveTicket(URL target) {

        return new TargettedTicketImpl(target, this, this.expPolicyFactory.buildPolicyInstance());

    }

}
Code Block
titleProxyGrantingTicket
public Class ProxyGrantingTicket 
    implements TicketGrantingTicket, DerivedTicket {

    private final Date whenCreated = new Date();

    private final Principal authenticatedUser;

    private final ExpirationPolicy expPolicy;

    private final ExpirationPolicyFactory expPolicyFactory;

    private final TicketGrantingTicket parent;


    public ProxyGrantingTicket(Principal proxyingService, 
        ExpirationPolicy expPolicy, 
        ExpirationPolicyFactory expPolicyFactory, 
        TicketGrantingTicket parent) {

       this.authenticatedUser = authenticatedUser;
       this.expPolicy = expPolicy;
       this.expPolicyFactory = expPolicyFactory;
       this.parent = parent;
    }

    public Principal getUser() {
       return this.authenticatedUser;
    }

    public boolean isValid() {
         return this.expPolicy.isValid();
    }

    public void expire() {
        this.expPolicy.expire();
    }

    public TargettedTicket deriveTicket(URL target) {

        return new TargettedTicketImpl(target, this, this.expPolicyFactory.buildPolicyInstance());

    }

    public TicketGrantingTicket getParant() {
        return this.parent;
    }

}

...

Code Block
titleTargettedTicketImpl
public Class TargettedTicketImpl implements TargettedTicket {

    private final Date whenCreated = new Date();

    private final ExpirationPolicy expPolicy;

    private final TicketGrantingTicket parent;

    private final URL target;


    public SSOTicket(URL target, TicketGrantingTicket parent, ExpirationPolicy expPolicy) {
       this.target = target;
       this.parent = parent;
       this.expPolicy = expPolicy;
    }

    public boolean isValid() {
         return this.expPolicy.isValid()
             && this.parent.isValid();
    }

    public URL getTarget() {
        return this.target;
    }

    public List getPrincipalChain() {
      
      List principalChain = new ArrayList();

      TicketGrantingTicket ancestor = this.parent;

      while (ancestor != null) {

         principalChain.add(ancestor.getPrincipal());

         if (parent instanceof DerivedTicket) {
              DerivedTicket ancestorIsAlsoAChild = (DerivedTicket) ancestor;
              ancestor = ancestor.getParent();
         } else {
              // perhaps an ugly way of breaking out of this while loop
              ancestor = null;
         }

     }
            
     return principalChain;
    }

    public TicketGrantingTicket getParent() {
        return this.parent;
    }

}