CasAuthoritiesPopulator xref

View Javadoc

1   /* Copyright 2004 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.providers.cas;
17  
18  import org.acegisecurity.AuthenticationException;
19  import org.acegisecurity.userdetails.UserDetails;
20  
21  
22  /***
23   * Populates the <code>UserDetails</code> associated with a CAS authenticated
24   * user.
25   * 
26   * <P>
27   * CAS does not provide the authorities (roles) granted to a user. It merely
28   * authenticates their identity. As the Acegi Security System for Spring needs
29   * to know the authorities granted to a user in order to construct a valid
30   * <code>Authentication</code> object, implementations of this interface will
31   * provide this information.
32   * </p>
33   * 
34   * <P>
35   * A {@link UserDetails} is returned by implementations. The
36   * <code>UserDetails</code> must, at minimum, contain the username and
37   * <code>GrantedAuthority[]</code> objects applicable to the CAS-authenticated
38   * user. Note that Acegi Security ignores the password and enabled/disabled
39   * status of the <code>UserDetails</code> because this is
40   * authentication-related and should have been enforced by the CAS server. The
41   * <code>UserDetails</code> returned by implementations is stored in the
42   * generated <code>CasAuthenticationToken</code>, so additional properties
43   * such as email addresses, telephone numbers etc can easily be stored.
44   * </p>
45   * 
46   * <P>
47   * Implementations should not perform any caching. They will only be called
48   * when a refresh is required.
49   * </p>
50   *
51   * @author Ben Alex
52   * @version $Id: CasAuthoritiesPopulator.java,v 1.4 2005/11/29 13:10:07 benalex Exp $
53   */
54  public interface CasAuthoritiesPopulator {
55      //~ Methods ================================================================
56  
57      /***
58       * Obtains the granted authorities for the specified user.
59       * 
60       * <P>
61       * May throw any <code>AuthenticationException</code> or return
62       * <code>null</code> if the authorities are unavailable.
63       * </p>
64       *
65       * @param casUserId as obtained from the CAS validation service
66       *
67       * @return the details of the indicated user (at minimum the granted
68       *         authorities and the username)
69       *
70       * @throws AuthenticationException DOCUMENT ME!
71       */
72      public UserDetails getUserDetails(String casUserId)
73          throws AuthenticationException;
74  }