package org.apereo.cas.authentication;
import org.apereo.cas.services.RegisteredService;
import java.util.Map;
/**
* An encoder that defines how a CAS attribute
* is to be encoded and signed in the CAS
* validation response. The collection of
* attributes should not be mangled with and
* filtered. All attributes will be released.
* It is up to the implementations
* to decide which attribute merits encrypting.
*
* @author Misagh Moayyed
* @since 4.1
*/
public interface ProtocolAttributeEncoder {
/**
* Encodes attributes that are ready to be released.
* Typically, this method tries to ensure that the
* PGT and the credential password are correctly encrypted
* before they are released. Attributes should not be filtered
* and removed and it is assumed that all will be returned
* back to the service.
* @param attributes The attribute collection that is ready to be released
* @param service the requesting service for which attributes are to be encoded
* @return collection of attributes after encryption ready for release.
* @since 4.1
*/
Map<String, Object> encodeAttributes(Map<String, Object> attributes, RegisteredService service);
}