Class CasAuthenticationEntryPoint

java.lang.Object
org.springframework.security.cas.web.CasAuthenticationEntryPoint
All Implemented Interfaces:
org.springframework.beans.factory.InitializingBean, AuthenticationEntryPoint

public class CasAuthenticationEntryPoint extends Object implements AuthenticationEntryPoint, org.springframework.beans.factory.InitializingBean
Used by the ExceptionTranslationFilter to commence authentication via the JA-SIG Central Authentication Service (CAS).

The user's browser will be redirected to the JA-SIG CAS enterprise-wide login page. This page is specified by the loginUrl property. Once login is complete, the CAS login page will redirect to the page indicated by the service property. The service is a HTTP URL belonging to the current application. The service URL is monitored by the CasAuthenticationFilter, which will validate the CAS login was successful.

  • Constructor Details

    • CasAuthenticationEntryPoint

      public CasAuthenticationEntryPoint()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    • commence

      public final void commence(jakarta.servlet.http.HttpServletRequest servletRequest, jakarta.servlet.http.HttpServletResponse response, AuthenticationException authenticationException) throws IOException
      Description copied from interface: AuthenticationEntryPoint
      Commences an authentication scheme.

      ExceptionTranslationFilter will populate the HttpSession attribute named AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

      Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

      Specified by:
      commence in interface AuthenticationEntryPoint
      Parameters:
      servletRequest - that resulted in an AuthenticationException
      response - so that the user agent can begin authentication
      authenticationException - that caused the invocation
      Throws:
      IOException
    • createServiceUrl

      protected String createServiceUrl(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Constructs a new Service Url. The default implementation relies on the CAS client to do the bulk of the work.
      Parameters:
      request - the HttpServletRequest
      response - the HttpServlet Response
      Returns:
      the constructed service url. CANNOT be NULL.
    • createRedirectUrl

      protected String createRedirectUrl(String serviceUrl)
      Constructs the Url for Redirection to the CAS server. Default implementation relies on the CAS client to do the bulk of the work.
      Parameters:
      serviceUrl - the service url that should be included.
      Returns:
      the redirect url. CANNOT be NULL.
    • preCommence

      protected void preCommence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Template method for you to do your own pre-processing before the redirect occurs.
      Parameters:
      request - the HttpServletRequest
      response - the HttpServletResponse
    • getLoginUrl

      public final String getLoginUrl()
      The enterprise-wide CAS login URL. Usually something like https://www.mycompany.com/cas/login.
      Returns:
      the enterprise-wide CAS login URL
    • getServiceProperties

      public final ServiceProperties getServiceProperties()
    • setLoginUrl

      public final void setLoginUrl(String loginUrl)
    • setServiceProperties

      public final void setServiceProperties(ServiceProperties serviceProperties)
    • setEncodeServiceUrlWithSessionId

      public final void setEncodeServiceUrlWithSessionId(boolean encodeServiceUrlWithSessionId)
      Sets whether to encode the service url with the session id or not.
      Parameters:
      encodeServiceUrlWithSessionId - whether to encode the service url with the session id or not.
    • getEncodeServiceUrlWithSessionId

      protected boolean getEncodeServiceUrlWithSessionId()
      Sets whether to encode the service url with the session id or not.
      Returns:
      whether to encode the service url with the session id or not.