public class CasProcessingFilter extends AbstractProcessingFilter
A service ticket consists of an opaque ticket string. It arrives at this
filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
service
. The opaque ticket string is presented in the ticket
request parameter. This
filter monitors the service
URL so it can receive the service ticket and process it. The CAS server
knows which service
URL to use via the ServiceProperties.getService()
method.
Processing the service ticket involves creating a UsernamePasswordAuthenticationToken
which
uses CAS_STATEFUL_IDENTIFIER
for the principal
and the opaque ticket string as the
credentials
.
The configured AuthenticationManager
is expected to provide a provider that can recognise
UsernamePasswordAuthenticationToken
s containing this special principal
name, and process
them accordingly by validation with the CAS server.
Do not use this class directly. Instead configure web.xml
to use the FilterToBeanProxy
.
Modifier and Type | Field and Description |
---|---|
static String |
CAS_STATEFUL_IDENTIFIER
Used to identify a CAS request for a stateful user agent, such as a web browser.
|
static String |
CAS_STATELESS_IDENTIFIER
Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (eg
Hessian, Burlap, SOAP etc).
|
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages
Constructor and Description |
---|
CasProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
String |
getDefaultFilterProcessesUrl()
This filter by default responds to
/j_acegi_cas_security_check . |
void |
init(javax.servlet.FilterConfig filterConfig)
Does nothing.
|
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthentication
public static final String CAS_STATEFUL_IDENTIFIER
public static final String CAS_STATELESS_IDENTIFIER
HttpSession
will result in a new authentication attempt on every request.public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
AbstractProcessingFilter
attemptAuthentication
in class AbstractProcessingFilter
request
- from which to extract parameters and perform the
authenticationAuthenticationException
- if authentication failspublic String getDefaultFilterProcessesUrl()
/j_acegi_cas_security_check
.getDefaultFilterProcessesUrl
in class AbstractProcessingFilter
public void init(javax.servlet.FilterConfig filterConfig) throws javax.servlet.ServletException
AbstractProcessingFilter
init
in interface javax.servlet.Filter
init
in class AbstractProcessingFilter
filterConfig
- ignoredjavax.servlet.ServletException
- ignoredCopyright © 2017. All rights reserved.