Service Access Strategy - Chaining
Multiple access strategies can be combined together to form complex rules and conditions in a chain. Using chains, one can implement advanced Boolean logic to group results together. Note that chains can contain other chains as well.
The following access strategy chain allows service access if the authenticated principal,
- has an attribute
key1
with a value ofvalue1
AND an attributekey2
with a value ofvalue2
.
…OR…
- has an attribute
key3
with a value ofvalue3
.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "^https://.+",
"name" : "test",
"id" : 1,
"accessStrategy" : {
"@class": "org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
"strategies": [ "java.util.ArrayList",
[ {
"@class": "org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
"strategies": [ "java.util.ArrayList",
[
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key1": [ "java.util.LinkedHashSet", [ "value1" ] ]
}
},
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key2": [ "java.util.LinkedHashSet", [ "value2" ] ]
}
}
]
],
"operator": "AND"
},
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key3": [ "java.util.LinkedHashSet", [ "value3" ] ]
}
}
]
],
"operator": "OR"
}
}