WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
Service Access Strategy - Chaining
Multiple access strategies can be combined together to form complex rules and conditions in a chain. Using chains, one can implement advanced Boolean logic to group results together. Note that chains can contain other chains as well.
The following access strategy chain allows service access if the authenticated principal,
- has an attribute
key1with a value ofvalue1AND an attributekey2with a value ofvalue2.
…OR…
- has an attribute
key3with a value ofvalue3.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
{
"@class" : "org.apereo.cas.services.CasRegisteredService",
"serviceId" : "^https://.+",
"name" : "test",
"id" : 1,
"accessStrategy" : {
"@class": "org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
"strategies": [ "java.util.ArrayList",
[ {
"@class": "org.apereo.cas.services.ChainingRegisteredServiceAccessStrategy",
"strategies": [ "java.util.ArrayList",
[
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key1": [ "java.util.LinkedHashSet", [ "value1" ] ]
}
},
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key2": [ "java.util.LinkedHashSet", [ "value2" ] ]
}
}
]
],
"operator": "AND"
},
{
"@class": "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
"requiredAttributes": {
"@class": "java.util.LinkedHashMap",
"key3": [ "java.util.LinkedHashSet", [ "value3" ] ]
}
}
]
],
"operator": "OR"
}
}