or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

authentication-service.mdindex.mdrequest-credential-handling.mdservice-access-control.md

request-credential-handling.mddocs/

0
# Request and Credential Handling
1


2
This module provides data classes and parsing interfaces for managing surrogate authentication requests and integrating with CAS's credential handling framework. These components bridge the gap between user input, credential processing, and the core surrogate authentication service.
3


4
## Capabilities
5


6
### Surrogate Authentication Request
7


8
A data class representing a complete surrogate authentication request with all necessary context information.
9


10
```java { .api }
11
@ToString
12
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
13
@Getter
14
@NoArgsConstructor(force = true)
15
@EqualsAndHashCode
16
@RequiredArgsConstructor
17
@SuperBuilder
18
public class SurrogateAuthenticationRequest implements Serializable {
19
    
20
    /**
21
     * The authentication credential containing user information
22
     */
23
    private final MutableCredential credential;
24


25
    /**
26
     * The original username attempting authentication
27
     */
28
    private final String username;
29


30
    /**
31
     * The target username to impersonate 
32
     */
33
    private final String surrogateUsername;
34


35
    /**
36
     * Whether surrogate user selection is available/required
37
     */
38
    private final boolean selectable;
39
    
40
    /**
41
     * Has surrogate username?.
42
     *
43
     * @return true/false
44
     */
45
    public boolean hasSurrogateUsername() {
46
        return StringUtils.isNotBlank(this.surrogateUsername);
47
    }
48
}
49
```
50


51
### Surrogate Credential Trait
52


53
A credential trait for marking credentials with surrogate authentication context.
54


55
```java { .api }
56
@ToString
57
@JsonTypeInfo(use = JsonTypeInfo.Id.CLASS)
58
@Getter
59
@NoArgsConstructor(force = true)
60
@EqualsAndHashCode
61
@RequiredArgsConstructor
62
public class SurrogateCredentialTrait implements CredentialTrait {
63
    
64
    /**
65
     * The target surrogate username
66
     */
67
    private final String surrogateUsername;
68
}
69
```
70


71
### Surrogate Credential Parser
72


73
Interface for parsing credentials to extract surrogate authentication requests.
74


75
```java { .api }
76
@FunctionalInterface
77
public interface SurrogateCredentialParser {
78


79
    /**
80
     * Default implementation bean name.
81
     */
82
    String BEAN_NAME = "surrogateCredentialParser";
83


84
    /**
85
     * Parse surrogate authentication request.
86
     *
87
     * @param credential the credential to parse
88
     * @return the surrogate authentication request, or empty if no surrogate context found
89
     */
90
    Optional<SurrogateAuthenticationRequest> parse(MutableCredential credential);
91
}
92
```
93


94
## Usage Examples
95


96
### Creating Surrogate Authentication Requests
97


98
```java
99
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationRequest;
100
import org.apereo.cas.authentication.MutableCredential;
101


102
// Using builder pattern
103
SurrogateAuthenticationRequest request = SurrogateAuthenticationRequest.builder()
104
    .credential(mutableCredential)
105
    .username("admin")
106
    .surrogateUsername("targetUser")
107
    .selectable(true)
108
    .build();
109


110
// Check if surrogate username is present
111
if (request.hasSurrogateUsername()) {
112
    String target = request.getSurrogateUsername();
113
    String original = request.getUsername();
114
    System.out.println("User " + original + " wants to impersonate " + target);
115
}
116


117
// Using RequiredArgsConstructor (Lombok-generated)
118
SurrogateAuthenticationRequest request2 = new SurrogateAuthenticationRequest(
119
    credential, "admin", "targetUser", false
120
);
121
```
122


123
### Implementing Credential Parser
124


125
```java
126
import org.apereo.cas.authentication.surrogate.SurrogateCredentialParser;
127
import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationRequest;
128
import org.apereo.cas.authentication.MutableCredential;
129


130
import java.util.Optional;
131


132
public class CustomSurrogateCredentialParser implements SurrogateCredentialParser {
133
    
134
    @Override
135
    public Optional<SurrogateAuthenticationRequest> parse(MutableCredential credential) {
136
        // Check if credential contains surrogate context
137
        String username = credential.getId();
138
        
139
        // Example: Parse username+surrogate format like "admin+targetUser"
140
        if (username != null && username.contains("+")) {
141
            String[] parts = username.split("\\+", 2);
142
            if (parts.length == 2) {
143
                String originalUser = parts[0];
144
                String surrogateUser = parts[1];
145
                
146
                return Optional.of(SurrogateAuthenticationRequest.builder()
147
                    .credential(credential)
148
                    .username(originalUser)
149
                    .surrogateUsername(surrogateUser)
150
                    .selectable(false)
151
                    .build());
152
            }
153
        }
154
        
155
        return Optional.empty();
156
    }
157
}
158
```
159


160
### Using Credential Traits
161


162
```java
163
import org.apereo.cas.authentication.surrogate.SurrogateCredentialTrait;
164
import org.apereo.cas.authentication.MutableCredential;
165


166
// Add surrogate trait to credential
167
MutableCredential credential = // ... get credential
168
SurrogateCredentialTrait trait = new SurrogateCredentialTrait("targetUser");
169


170
// Add trait to credential (depends on credential implementation)
171
credential.getCredentialTraits().add(trait);
172


173
// Access trait later
174
Optional<SurrogateCredentialTrait> surrogateTrait = credential.getCredentialTraits()
175
    .stream()
176
    .filter(SurrogateCredentialTrait.class::isInstance)
177
    .map(SurrogateCredentialTrait.class::cast)
178
    .findFirst();
179


180
if (surrogateTrait.isPresent()) {
181
    String surrogateUsername = surrogateTrait.get().getSurrogateUsername();
182
    // Process surrogate authentication
183
}
184
```
185


186
### JSON Serialization
187


188
Both `SurrogateAuthenticationRequest` and `SurrogateCredentialTrait` support JSON serialization via Jackson annotations:
189


190
```java
191
import com.fasterxml.jackson.databind.ObjectMapper;
192


193
ObjectMapper mapper = new ObjectMapper();
194


195
// Serialize request
196
SurrogateAuthenticationRequest request = // ... create request
197
String json = mapper.writeValueAsString(request);
198


199
// Deserialize request  
200
SurrogateAuthenticationRequest restored = mapper.readValue(json, SurrogateAuthenticationRequest.class);
201
```
202


203
## Required Dependencies
204


205
These classes depend on types from:
206


207
```java
208
import org.apereo.cas.authentication.MutableCredential;
209
import org.apereo.cas.authentication.CredentialTrait;
210


211
import com.fasterxml.jackson.annotation.JsonTypeInfo;
212
import lombok.EqualsAndHashCode;
213
import lombok.Getter;
214
import lombok.NoArgsConstructor;
215
import lombok.RequiredArgsConstructor;
216
import lombok.ToString;
217
import lombok.experimental.SuperBuilder;
218
import org.apache.commons.lang3.StringUtils;
219


220
import java.io.Serial;
221
import java.io.Serializable;
222
import java.util.Optional;
223
```