Unicon / cas-addons

Open source CAS customizations, extensions, and configuration aids.
http://unicon.github.io/cas-addons/
Apache License 2.0

TGT expiration policy based on request IP #14

Closed mmoayyed closed 11 years ago

mmoayyed commented 11 years ago

Explore the possibility of defining a composite expiration policy that acts based on the user's IP address and can delegate to inner policies based on configurable pattern/rule

dima767 commented 11 years ago

Now we could revisit this for potential inclusion in 1.9. Once again, what would it look like? :-)

mmoayyed commented 11 years ago

So, I am thinking that the delegator and the evaluator need to be separate and pluggable. As in:

  1. There is a ticket expiration policy that is able to delegate the work to other expiration policy components.
  2. There is an evaluator API, pluggable, that returns perhaps a true/false. It helps the delegator understand whether the request needs to be routed to inner expiration policy one (if true), or two (if false).

We would then write various impls of the evaluator, one that is IP-based maybe.

mmoayyed commented 11 years ago

So for instance, the use case might be that if the evaluator (that is IP-based) matches a particular pattern out of the HTTP request object (one that perhaps indicates a public workstation), the evaluator returns true. Then, the delegator would base that request off a plugged-in ticket expiration policy that says, expire tickets immediately.

The evaluator needs to be pluggable with various impls. The inner delegated-to ticket expiration policies also need to be pluggable and wired in.

mmoayyed commented 11 years ago

https://github.com/Unicon/cas-addons/wiki/Request-Based-Ticket-Expiration-Policy
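
A sketch of the delegator/evaluator split discussed in this thread, added here as an illustration; it is not code from the thread, the linked wiki page, or cas-addons. The interfaces, record names and the CIDR range are hypothetical stand-ins (Java 16 or later), and the remote address is assumed to come from a source the server trusts, since behind a reverse proxy the connection address is the proxy's.

```java
import java.util.List;
public class RequestBasedExpirationDemo {
    // Hypothetical stand-ins for illustration, not the CAS or cas-addons interfaces.
    interface ExpirationPolicy { boolean isExpired(long idleMillis); }
    interface RequestEvaluator { boolean matches(String remoteAddr); }

    // IP-based evaluator: true when the address is inside a configured IPv4 CIDR block.
    record CidrEvaluator(List<String> cidrs) implements RequestEvaluator {
        public boolean matches(String remoteAddr) {
            try {
                int addr = toInt(remoteAddr);
                for (String cidr : cidrs) {
                    String[] parts = cidr.split("/");
                    int bits = Integer.parseInt(parts[1]);
                    int mask = bits == 0 ? 0 : -1 << (32 - bits); // Java shifts are mod 32
                    if ((addr & mask) == (toInt(parts[0]) & mask)) return true;
                }
                return false;
            } catch (RuntimeException e) {
                return true; // unparseable input: fail toward the stricter policy
            }
        }
        private static int toInt(String ip) {
            String[] octets = ip.split("\\.");
            if (octets.length != 4) throw new IllegalArgumentException(ip);
            int value = 0;
            for (String o : octets) {
                int n = Integer.parseInt(o);
                if (n < 0 || n > 255) throw new IllegalArgumentException(ip);
                value = (value << 8) | n;
            }
            return value;
        }
    }

    // Delegator: routes to inner policy one when the evaluator returns true, else to two.
    record DelegatingPolicy(RequestEvaluator evaluator, ExpirationPolicy one, ExpirationPolicy two) {
        boolean isExpired(String remoteAddr, long idleMillis) {
            return (evaluator.matches(remoteAddr) ? one : two).isExpired(idleMillis);
        }
    }

    public static void main(String[] args) {
        RequestEvaluator kiosk = new CidrEvaluator(List.of("10.20.0.0/16")); // constructed range
        ExpirationPolicy immediate = idle -> true, twoHours = idle -> idle > 7_200_000L;
        DelegatingPolicy policy = new DelegatingPolicy(kiosk, immediate, twoHours);
        for (String ip : new String[] {"10.20.3.4", "192.168.1.9", "not-an-ip"}) // constructed inputs
            System.out.println(ip + " expired=" + policy.isExpired(ip, 60_000L));
    }
}
```

Treating an unparseable address as a match means a malformed or unexpected value gets the immediate-expiry policy rather than the long-lived one.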