org.springframework.security.cas.web
Class CasAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.cas.web.CasAuthenticationFilter
- All Implemented Interfaces:
- javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ApplicationEventPublisherAware, MessageSourceAware, ServletContextAware
public class CasAuthenticationFilter
- extends org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
Processes a CAS service ticket.
A service ticket consists of an opaque ticket string. It arrives at this filter after the user's browser has
successfully authenticated with CAS and has received an HTTP redirect to a service. The opaque ticket string is
presented in the ticket request parameter. This filter monitors the service URL so it can
receive the service ticket and process it. The CAS server knows which service URL to use via the
ServiceProperties.getService() method.
Processing the service ticket involves creating a UsernamePasswordAuthenticationToken which
uses CAS_STATEFUL_IDENTIFIER for the principal and the opaque ticket string as the
credentials.
The configured AuthenticationManager is expected to provide a provider that can recognise
UsernamePasswordAuthenticationTokens containing this special principal name, and process
them accordingly by validation with the CAS server.
By configuring a shared ProxyGrantingTicketStorage between the TicketValidator and the
CasAuthenticationFilter one can have the CasAuthenticationFilter handle the proxying requirements for CAS. In addition, the
URI endpoint for the proxying would also need to be configured (i.e. the part after protocol, hostname, and port).
By default this filter processes the URL /j_spring_cas_security_check.
- Author:
- Ben Alex, Rob Winch
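The shared-storage proxy setup described above, as an added Java configuration example that is not part of the Spring Security Javadoc. The host names, the proxy receptor path and the externally defined AuthenticationManager are assumptions; the Cas20ProxyTicketValidator and ProxyGrantingTicketStorageImpl classes come from the Jasig CAS client.

```java
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.web.CasAuthenticationFilter;

@Configuration
public class CasFilterConfig {
    private static final String APP = "https://app.example.org";      // placeholder host
    private static final String CAS = "https://cas.example.org/cas";  // placeholder CAS prefix
    // Assumed path; only the part after protocol, hostname and port.
    private static final String PROXY_RECEPTOR = "/j_spring_cas_security_proxyreceptor";

    // Assumed to be defined elsewhere, with a provider that uses ticketValidator().
    @Autowired
    private AuthenticationManager authenticationManager;

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties sp = new ServiceProperties();
        sp.setService(APP + "/j_spring_cas_security_check"); // URL the filter processes
        return sp;
    }

    @Bean
    public ProxyGrantingTicketStorage pgtStorage() {
        return new ProxyGrantingTicketStorageImpl();
    }

    @Bean
    public Cas20ProxyTicketValidator ticketValidator() {
        Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(CAS);
        v.setProxyCallbackUrl(APP + PROXY_RECEPTOR);   // full URL handed to the CAS server
        v.setProxyGrantingTicketStorage(pgtStorage()); // same singleton the filter uses
        return v;
    }

    @Bean
    public CasAuthenticationFilter casFilter() {
        CasAuthenticationFilter f = new CasAuthenticationFilter();
        f.setAuthenticationManager(authenticationManager);
        f.setServiceProperties(serviceProperties());
        f.setProxyGrantingTicketStorage(pgtStorage()); // shared with the validator
        f.setProxyReceptorUrl(PROXY_RECEPTOR);         // path of the callback URL above
        return f;
    }
}
```

The path of the validator's proxy callback URL has to equal the filter's proxyReceptorUrl, and both beans must hold the same storage instance; otherwise the proxy granting ticket received on the callback cannot be matched to the validation response.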
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter:
- authenticationDetailsSource, eventPublisher, messages, SPRING_SECURITY_LAST_EXCEPTION_KEY
Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter:
- afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationDetailsSource, getAuthenticationManager, getFilterProcessesUrl, getRememberMeServices, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication
Methods inherited from class java.lang.Object:
- clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
CAS_STATEFUL_IDENTIFIER
public static final String CAS_STATEFUL_IDENTIFIER
- Used to identify a CAS request for a stateful user agent, such as a web browser.
- See Also:
- Constant Field Values
CAS_STATELESS_IDENTIFIER
public static final String CAS_STATELESS_IDENTIFIER
- Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (e.g.
Hessian, Burlap, SOAP etc). Results in a more aggressive caching strategy being used, as the absence of a
HttpSession will result in a new authentication attempt on every request.
- See Also:
- Constant Field Values
CasAuthenticationFilter
public CasAuthenticationFilter()
attemptAuthentication
public org.springframework.security.core.Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws org.springframework.security.core.AuthenticationException, IOException
- Specified by:
attemptAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
- Throws:
org.springframework.security.core.AuthenticationException
IOException
requiresAuthentication
protected boolean requiresAuthentication(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
- Overridden to provide proxying capabilities.
- Overrides:
requiresAuthentication in class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
setProxyReceptorUrl
public final void setProxyReceptorUrl(String proxyReceptorUrl)
setProxyGrantingTicketStorage
public final void setProxyGrantingTicketStorage(org.jasig.cas.client.proxy.ProxyGrantingTicketStorage proxyGrantingTicketStorage)
setServiceProperties
public final void setServiceProperties(ServiceProperties serviceProperties)