CasProcessingFilter xref

View Javadoc

1   /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.acegisecurity.ui.cas;
17  
18  import org.acegisecurity.Authentication;
19  import org.acegisecurity.AuthenticationException;
20  
21  import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
22  
23  import org.acegisecurity.ui.AbstractProcessingFilter;
24  
25  import javax.servlet.FilterConfig;
26  import javax.servlet.ServletException;
27  import javax.servlet.http.HttpServletRequest;
28  
29  
30  /**
31   * Processes a CAS service ticket.<p>A service ticket consists of an opaque ticket string. It arrives at this
32   * filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
33   * <code>service</code>. The opaque ticket string is presented in the <code>ticket</code> request parameter. This
34   * filter monitors the <code>service</code> URL so it can receive the service ticket and process it. The CAS server
35   * knows which <code>service</code> URL to use via the {@link ServiceProperties#getService()} method.</p>
36   *  <p>Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
37   * uses {@link #CAS_STATEFUL_IDENTIFIER} for the <code>principal</code> and the opaque ticket string as the
38   * <code>credentials</code>.</p>
39   *  <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
40   * <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
41   * them accordingly by validation with the CAS server.</p>
42   *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
43   * org.acegisecurity.util.FilterToBeanProxy}.</p>
44   *
45   * @author Ben Alex
46   * @version $Id: CasProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
47   */
48  public class CasProcessingFilter extends AbstractProcessingFilter {
49      //~ Static fields/initializers =====================================================================================
50  
51      /** Used to identify a CAS request for a stateful user agent, such as a web browser. */
52      public static final String CAS_STATEFUL_IDENTIFIER = "_cas_stateful_";
53  
54      /**
55       * Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (eg
56       * Hessian, Burlap, SOAP etc). Results in a more aggressive caching strategy being used, as the absence of a
57       * <code>HttpSession</code> will result in a new authentication attempt on every request.
58       */
59      public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
60  
61      //~ Methods ========================================================================================================
62  
63      public Authentication attemptAuthentication(HttpServletRequest request)
64          throws AuthenticationException {
65          String username = CAS_STATEFUL_IDENTIFIER;
66          String password = request.getParameter("ticket");
67  
68          if (password == null) {
69              password = "";
70          }
71  
72          UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);
73  
74          authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));
75  
76          return this.getAuthenticationManager().authenticate(authRequest);
77      }
78  
79      /**
80       * This filter by default responds to <code>/j_acegi_cas_security_check</code>.
81       *
82       * @return the default
83       */
84      public String getDefaultFilterProcessesUrl() {
85          return "/j_acegi_cas_security_check";
86      }
87  
88      public void init(FilterConfig filterConfig) throws ServletException {}
89  }