Package org.springframework.security.cas.web

Class CasAuthenticationEntryPoint

  • All Implemented Interfaces:
    org.springframework.beans.factory.InitializingBean, AuthenticationEntryPoint
    public class CasAuthenticationEntryPoint
extends java.lang.Object
implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean
    Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS).

    The user's browser will be redirected to the JA-SIG CAS enterprise-wide login page. This page is specified by the loginUrl property. Once login is complete, the CAS login page will redirect to the page indicated by the service property. The service is a HTTP URL belonging to the current application. The service URL is monitored by the CasAuthenticationFilter, which will validate the CAS login was successful.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void afterPropertiesSet()  
      void commence​(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse response, AuthenticationException authenticationException)
      Commences an authentication scheme.
      protected java.lang.String createRedirectUrl​(java.lang.String serviceUrl)
      Constructs the Url for Redirection to the CAS server.
      protected java.lang.String createServiceUrl​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Constructs a new Service Url.
      protected boolean getEncodeServiceUrlWithSessionId()
      Sets whether to encode the service url with the session id or not.
      java.lang.String getLoginUrl()
      The enterprise-wide CAS login URL.
      ServiceProperties getServiceProperties()  
      protected void preCommence​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
      Template method for you to do your own pre-processing before the redirect occurs.
      void setEncodeServiceUrlWithSessionId​(boolean encodeServiceUrlWithSessionId)
      Sets whether to encode the service url with the session id or not.
      void setLoginUrl​(java.lang.String loginUrl)  
      void setServiceProperties​(ServiceProperties serviceProperties)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • CasAuthenticationEntryPoint

        public CasAuthenticationEntryPoint()

    • Method Detail

      • afterPropertiesSet

        public void afterPropertiesSet()
        Specified by:
        afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

      • commence

        public final void commence​(javax.servlet.http.HttpServletRequest servletRequest,
                           javax.servlet.http.HttpServletResponse response,
                           AuthenticationException authenticationException)
                    throws java.io.IOException
        Description copied from interface: AuthenticationEntryPoint
        Commences an authentication scheme.

        ExceptionTranslationFilter will populate the HttpSession attribute named AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

        Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

        Specified by:
        commence in interface AuthenticationEntryPoint
        Parameters:
        servletRequest - that resulted in an AuthenticationException
        response - so that the user agent can begin authentication
        authenticationException - that caused the invocation
        Throws:
        java.io.IOException

      • createServiceUrl

        protected java.lang.String createServiceUrl​(javax.servlet.http.HttpServletRequest request,
                                            javax.servlet.http.HttpServletResponse response)
        Constructs a new Service Url. The default implementation relies on the CAS client to do the bulk of the work.
        Parameters:
        request - the HttpServletRequest
        response - the HttpServlet Response
        Returns:
        the constructed service url. CANNOT be NULL.

      • createRedirectUrl

        protected java.lang.String createRedirectUrl​(java.lang.String serviceUrl)
        Constructs the Url for Redirection to the CAS server. Default implementation relies on the CAS client to do the bulk of the work.
        Parameters:
        serviceUrl - the service url that should be included.
        Returns:
        the redirect url. CANNOT be NULL.

      • preCommence

        protected void preCommence​(javax.servlet.http.HttpServletRequest request,
                           javax.servlet.http.HttpServletResponse response)
        Template method for you to do your own pre-processing before the redirect occurs.
        Parameters:
        request - the HttpServletRequest
        response - the HttpServletResponse

      • getLoginUrl

        public final java.lang.String getLoginUrl()
        The enterprise-wide CAS login URL. Usually something like https://www.mycompany.com/cas/login.
        Returns:
        the enterprise-wide CAS login URL

      • setLoginUrl

        public final void setLoginUrl​(java.lang.String loginUrl)

      • setServiceProperties

        public final void setServiceProperties​(ServiceProperties serviceProperties)

      • setEncodeServiceUrlWithSessionId

        public final void setEncodeServiceUrlWithSessionId​(boolean encodeServiceUrlWithSessionId)
        Sets whether to encode the service url with the session id or not.
        Parameters:
        encodeServiceUrlWithSessionId - whether to encode the service url with the session id or not.

      • getEncodeServiceUrlWithSessionId

        protected boolean getEncodeServiceUrlWithSessionId()
        Sets whether to encode the service url with the session id or not.
        Returns:
        whether to encode the service url with the session id or not.