org.acegisecurity.providers.cas
Interface CasAuthoritiesPopulator

All Known Implementing Classes:

DaoCasAuthoritiesPopulator

public interface CasAuthoritiesPopulator

Populates the UserDetails associated with a CAS authenticated user.

CAS does not provide the authorities (roles) granted to a user. It merely authenticates their identity. As the Acegi Security System for Spring needs to know the authorities granted to a user in order to construct a valid Authentication object, implementations of this interface will provide this information.

A UserDetails is returned by implementations. The UserDetails must, at minimum, contain the username and GrantedAuthority[] objects applicable to the CAS-authenticated user. Note that Acegi Security ignores the password and enabled/disabled status of the UserDetails because this is authentication-related and should have been enforced by the CAS server. The UserDetails returned by implementations is stored in the generated CasAuthenticationToken, so additional properties such as email addresses, telephone numbers etc can easily be stored.

Implementations should not perform any caching. They will only be called when a refresh is required.

Version:

$Id: CasAuthoritiesPopulator.java 1784 2007-02-24 21:00:24Z luke_t $

Author:

Ben Alex

Method Summary

UserDetails

getUserDetails(String casUserId) Obtains the granted authorities for the specified user.

Method Detail

getUserDetails

UserDetails getUserDetails(String casUserId)
                           throws AuthenticationException

Obtains the granted authorities for the specified user.

May throw any AuthenticationException or return null if the authorities are unavailable.

Parameters:

casUserId - as obtained from the CAS validation service

Returns:

the details of the indicated user (at minimum the granted authorities and the username)

Throws:

AuthenticationException - DOCUMENT ME!