org.acegisecurity.ui.cas
Class CasProcessingFilter

java.lang.Object
  extended by org.acegisecurity.ui.AbstractProcessingFilter
      extended by org.acegisecurity.ui.cas.CasProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.MessageSourceAware

public class CasProcessingFilter
extends AbstractProcessingFilter

Processes a CAS service ticket.

A service ticket consists of an opaque ticket string. It arrives at this filter after the user's browser successfully authenticates with CAS and then receives an HTTP redirect to a service. The opaque ticket string is presented in the ticket request parameter. This filter monitors the service URL so it can receive the service ticket and process it. The CAS server knows which service URL to use via the ServiceProperties.getService() method.

Processing the service ticket involves creating a UsernamePasswordAuthenticationToken which uses CAS_STATEFUL_IDENTIFIER for the principal and the opaque ticket string as the credentials.

The configured AuthenticationManager is expected to provide a provider that can recognise UsernamePasswordAuthenticationTokens containing this special principal name, and process them accordingly by validation with the CAS server.

Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.
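
A configuration sketch of the wiring described above, added here as an example and not taken from the Acegi distribution: web.xml registers FilterToBeanProxy, which delegates to a CasProcessingFilter bean whose processing URL matches the service URL handed to CAS. The host name, the context path, /casfailed.jsp, the bean ids and the separately defined authenticationManager bean are assumptions.

```xml
<!-- Fragment of web.xml: the container instantiates FilterToBeanProxy, which
     looks up the CasProcessingFilter bean in the Spring context and delegates. -->
<filter>
  <filter-name>Acegi CAS Processing Filter</filter-name>
  <filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>org.acegisecurity.ui.cas.CasProcessingFilter</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>Acegi CAS Processing Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Fragment of the Spring application context (a separate file). -->

<!-- The service URL sent to CAS. It must resolve to the URL this filter
     monitors, otherwise the redirect carrying the ticket parameter never
     reaches the filter. Host and context path are placeholders. -->
<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
  <property name="service">
    <value>https://app.example.org/myapp/j_acegi_cas_security_check</value>
  </property>
</bean>

<!-- The filter itself. authenticationManager is assumed to be defined
     elsewhere with a provider that recognises the CAS principal and
     validates the ticket with the CAS server. -->
<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
  <property name="authenticationManager">
    <ref bean="authenticationManager"/>
  </property>
  <property name="authenticationFailureUrl">
    <value>/casfailed.jsp</value>
  </property>
  <property name="defaultTargetUrl">
    <value>/</value>
  </property>
  <!-- Same as the default returned by getDefaultFilterProcessesUrl(). -->
  <property name="filterProcessesUrl">
    <value>/j_acegi_cas_security_check</value>
  </property>
</bean>
```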

Version:
$Id: CasProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
Author:
Ben Alex

Field Summary
static String CAS_STATEFUL_IDENTIFIER
          Used to identify a CAS request for a stateful user agent, such as a web browser.
static String CAS_STATELESS_IDENTIFIER
          Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g. Hessian, Burlap, SOAP etc).
 
Fields inherited from class org.acegisecurity.ui.AbstractProcessingFilter
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages
 
Constructor Summary
CasProcessingFilter()
           
 
Method Summary
 Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
          Performs actual authentication.
 String getDefaultFilterProcessesUrl()
          This filter by default responds to /j_acegi_cas_security_check.
 void init(javax.servlet.FilterConfig filterConfig)
          Does nothing.
 
Methods inherited from class org.acegisecurity.ui.AbstractProcessingFilter
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

CAS_STATEFUL_IDENTIFIER

public static final String CAS_STATEFUL_IDENTIFIER
Used to identify a CAS request for a stateful user agent, such as a web browser.

See Also:
Constant Field Values

CAS_STATELESS_IDENTIFIER

public static final String CAS_STATELESS_IDENTIFIER
Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g. Hessian, Burlap, SOAP etc). Results in a more aggressive caching strategy being used, as the absence of an HttpSession will result in a new authentication attempt on every request.

See Also:
Constant Field Values
Constructor Detail

CasProcessingFilter

public CasProcessingFilter()
Method Detail

attemptAuthentication

public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request)
                                     throws AuthenticationException
Description copied from class: AbstractProcessingFilter
Performs actual authentication.

Specified by:
attemptAuthentication in class AbstractProcessingFilter
Parameters:
request - from which to extract parameters and perform the authentication
Returns:
the authenticated user
Throws:
AuthenticationException - if authentication fails

getDefaultFilterProcessesUrl

public String getDefaultFilterProcessesUrl()
This filter by default responds to /j_acegi_cas_security_check.

Specified by:
getDefaultFilterProcessesUrl in class AbstractProcessingFilter
Returns:
the default URL this filter responds to

init

public void init(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
Description copied from class: AbstractProcessingFilter
Does nothing. We use IoC container lifecycle services instead.

Specified by:
init in interface javax.servlet.Filter
Overrides:
init in class AbstractProcessingFilter
Parameters:
filterConfig - ignored
Throws:
javax.servlet.ServletException - ignored


Copyright © 2004-2012 Interface21, Inc. All Rights Reserved.