org.springframework.security.cas.authentication
Class CasAuthenticationProvider

java.lang.Object
  extended by org.springframework.security.cas.authentication.CasAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, AuthenticationProvider

public class CasAuthenticationProvider
extends java.lang.Object
implements AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware

An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS).

This AuthenticationProvider is capable of validating UsernamePasswordAuthenticationToken requests which contain a principal name equal to either CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER or CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER. It can also validate a previously created CasAuthenticationToken.


Field Summary
protected  org.springframework.context.support.MessageSourceAccessor messages
           
 
Constructor Summary
CasAuthenticationProvider()
           
 
Method Summary
 void afterPropertiesSet()
           
 Authentication authenticate(Authentication authentication)
          Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).
protected  java.lang.String getKey()
           
 StatelessTicketCache getStatelessTicketCache()
           
protected  org.jasig.cas.client.validation.TicketValidator getTicketValidator()
           
protected  UserDetails loadUserByAssertion(org.jasig.cas.client.validation.Assertion assertion)
          Template method for retrieving the UserDetails based on the assertion.
 void setAuthenticationUserDetailsService(AuthenticationUserDetailsService authenticationUserDetailsService)
           
 void setKey(java.lang.String key)
           
 void setMessageSource(org.springframework.context.MessageSource messageSource)
           
 void setServiceProperties(ServiceProperties serviceProperties)
           
 void setStatelessTicketCache(StatelessTicketCache statelessTicketCache)
           
 void setTicketValidator(org.jasig.cas.client.validation.TicketValidator ticketValidator)
           
 void setUserDetailsService(UserDetailsService userDetailsService)
          Deprecated. 
 boolean supports(java.lang.Class<? extends java.lang.Object> authentication)
          Returns true if this AuthenticationProvider supports the indicated Authentication object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

messages

protected org.springframework.context.support.MessageSourceAccessor messages
Constructor Detail

CasAuthenticationProvider

public CasAuthenticationProvider()
Method Detail

afterPropertiesSet

public void afterPropertiesSet()
                        throws java.lang.Exception
Specified by:
afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws:
java.lang.Exception

authenticate

public Authentication authenticate(Authentication authentication)
                            throws AuthenticationException
Description copied from interface: AuthenticationProvider
Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication).

Specified by:
authenticate in interface AuthenticationProvider
Parameters:
authentication - the authentication request object.
Returns:
a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
Throws:
AuthenticationException - if authentication fails.

loadUserByAssertion

protected UserDetails loadUserByAssertion(org.jasig.cas.client.validation.Assertion assertion)
Template method for retrieving the UserDetails based on the assertion. Default is to call configured userDetailsService and pass the username. Deployers can override this method and retrieve the user based on any criteria they desire.

Parameters:
assertion - The CAS Assertion.
Returns:
the UserDetails.

setUserDetailsService

@Deprecated
public void setUserDetailsService(UserDetailsService userDetailsService)
Deprecated. 


setAuthenticationUserDetailsService

public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService authenticationUserDetailsService)

setServiceProperties

public void setServiceProperties(ServiceProperties serviceProperties)

getKey

protected java.lang.String getKey()

setKey

public void setKey(java.lang.String key)

getStatelessTicketCache

public StatelessTicketCache getStatelessTicketCache()

getTicketValidator

protected org.jasig.cas.client.validation.TicketValidator getTicketValidator()

setMessageSource

public void setMessageSource(org.springframework.context.MessageSource messageSource)
Specified by:
setMessageSource in interface org.springframework.context.MessageSourceAware

setStatelessTicketCache

public void setStatelessTicketCache(StatelessTicketCache statelessTicketCache)

setTicketValidator

public void setTicketValidator(org.jasig.cas.client.validation.TicketValidator ticketValidator)

supports

public boolean supports(java.lang.Class<? extends java.lang.Object> authentication)
Description copied from interface: AuthenticationProvider
Returns true if this AuthenticationProvider supports the indicated Authentication object.

Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented instance of the Authentication class. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

Specified by:
supports in interface AuthenticationProvider
Parameters:
authentication - DOCUMENT ME!
Returns:
true if the implementation can more closely evaluate the Authentication class presented