01: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
02: *
03: * Licensed under the Apache License, Version 2.0 (the "License");
04: * you may not use this file except in compliance with the License.
05: * You may obtain a copy of the License at
06: *
07: * http://www.apache.org/licenses/LICENSE-2.0
08: *
09: * Unless required by applicable law or agreed to in writing, software
10: * distributed under the License is distributed on an "AS IS" BASIS,
11: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12: * See the License for the specific language governing permissions and
13: * limitations under the License.
14: */
15:
16: package org.acegisecurity.ui.cas;
17:
18: import org.acegisecurity.Authentication;
19: import org.acegisecurity.AuthenticationException;
20:
21: import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
22:
23: import org.acegisecurity.ui.AbstractProcessingFilter;
24:
25: import javax.servlet.FilterConfig;
26: import javax.servlet.ServletException;
27: import javax.servlet.http.HttpServletRequest;
28:
29: /**
30: * Processes a CAS service ticket.<p>A service ticket consists of an opaque ticket string. It arrives at this
31: * filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
32: * <code>service</code>. The opaque ticket string is presented in the <code>ticket</code> request parameter. This
33: * filter monitors the <code>service</code> URL so it can receive the service ticket and process it. The CAS server
34: * knows which <code>service</code> URL to use via the {@link ServiceProperties#getService()} method.</p>
35: * <p>Processing the service ticket involves creating a <code>UsernamePasswordAuthenticationToken</code> which
36: * uses {@link #CAS_STATEFUL_IDENTIFIER} for the <code>principal</code> and the opaque ticket string as the
37: * <code>credentials</code>.</p>
38: * <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
39: * <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
40: * them accordingly by validation with the CAS server.</p>
41: * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
42: * org.acegisecurity.util.FilterToBeanProxy}.</p>
43: *
44: * @author Ben Alex
45: * @version $Id: CasProcessingFilter.java 1496 2006-05-23 13:38:33Z benalex $
46: */
47: public class CasProcessingFilter extends AbstractProcessingFilter {
48: //~ Static fields/initializers =====================================================================================
49:
50: /** Used to identify a CAS request for a stateful user agent, such as a web browser. */
51: public static final String CAS_STATEFUL_IDENTIFIER = "_cas_stateful_";
52:
53: /**
54: * Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (eg
55: * Hessian, Burlap, SOAP etc). Results in a more aggressive caching strategy being used, as the absence of a
56: * <code>HttpSession</code> will result in a new authentication attempt on every request.
57: */
58: public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
59:
60: //~ Methods ========================================================================================================
61:
62: public Authentication attemptAuthentication(
63: HttpServletRequest request) throws AuthenticationException {
64: String username = CAS_STATEFUL_IDENTIFIER;
65: String password = request.getParameter("ticket");
66:
67: if (password == null) {
68: password = "";
69: }
70:
71: UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
72: username, password);
73:
74: authRequest.setDetails(authenticationDetailsSource
75: .buildDetails((HttpServletRequest) request));
76:
77: return this .getAuthenticationManager()
78: .authenticate(authRequest);
79: }
80:
81: /**
82: * This filter by default responds to <code>/j_acegi_cas_security_check</code>.
83: *
84: * @return the default
85: */
86: public String getDefaultFilterProcessesUrl() {
87: return "/j_acegi_cas_security_check";
88: }
89:
90: public void init(FilterConfig filterConfig) throws ServletException {
91: }
92: }
|