|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.springframework.web.filter.GenericFilterBean org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter org.springframework.security.cas.web.CasAuthenticationFilter
public class CasAuthenticationFilter
Processes a CAS service ticket.
A service ticket consists of an opaque ticket string. It arrives at this filter by the user's browser successfully
authenticating using CAS, and then receiving a HTTP redirect to a service
. The opaque ticket string is
presented in the ticket
request parameter. This filter monitors the service
URL so it can
receive the service ticket and process it. The CAS server knows which service
URL to use via the
ServiceProperties.getService()
method.
Processing the service ticket involves creating a UsernamePasswordAuthenticationToken
which
uses CAS_STATEFUL_IDENTIFIER
for the principal
and the opaque ticket string as the
credentials
.
The configured AuthenticationManager
is expected to provide a provider that can recognise
UsernamePasswordAuthenticationToken
s containing this special principal
name, and process
them accordingly by validation with the CAS server.
By configuring a shared ProxyGrantingTicketStorage
between the TicketValidator
and the
CasAuthenticationFilter one can have the CasAuthenticationFilter handle the proxying requirements for CAS. In addition, the
URI endpoint for the proxying would also need to be configured (i.e. the part after protocol, hostname, and port).
By default this filter processes the URL /j_spring_cas_security_check.
Field Summary | |
---|---|
static String |
CAS_STATEFUL_IDENTIFIER
Used to identify a CAS request for a stateful user agent, such as a web browser. |
static String |
CAS_STATELESS_IDENTIFIER
Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g. |
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter |
---|
authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY |
Fields inherited from class org.springframework.web.filter.GenericFilterBean |
---|
logger |
Constructor Summary | |
---|---|
CasAuthenticationFilter()
|
Method Summary | |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Performs actual authentication. |
protected boolean |
requiresAuthentication(javax.servlet.http.HttpServletRequest request,
javax.servlet.http.HttpServletResponse response)
Overridden to provide proxying capabilities. |
void |
setProxyGrantingTicketStorage(org.jasig.cas.client.proxy.ProxyGrantingTicketStorage proxyGrantingTicketStorage)
|
void |
setProxyReceptorUrl(String proxyReceptorUrl)
|
void |
setServiceProperties(ServiceProperties serviceProperties)
|
Methods inherited from class org.springframework.web.filter.GenericFilterBean |
---|
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
---|
public static final String CAS_STATEFUL_IDENTIFIER
public static final String CAS_STATELESS_IDENTIFIER
HttpSession
will result in a new authentication attempt on every request.
Constructor Detail |
---|
public CasAuthenticationFilter()
Method Detail |
---|
public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException
AbstractAuthenticationProcessingFilter
The implementation should do one of the following:
attemptAuthentication
in class AbstractAuthenticationProcessingFilter
request
- from which to extract parameters and perform the authenticationresponse
- the response, which may be needed if the implementation has to do a redirect as part of a
multi-stage authentication process (such as OpenID).
AuthenticationException
- if authentication fails.
IOException
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
requiresAuthentication
in class AbstractAuthenticationProcessingFilter
true
if the filter should attempt authentication, false
otherwise.public final void setProxyReceptorUrl(String proxyReceptorUrl)
public final void setProxyGrantingTicketStorage(org.jasig.cas.client.proxy.ProxyGrantingTicketStorage proxyGrantingTicketStorage)
public final void setServiceProperties(ServiceProperties serviceProperties)
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |