public class CasProcessingFilter extends AbstractProcessingFilter
A service ticket consists of an opaque ticket string. It arrives at this
filter by the user's browser successfully authenticating using CAS, and then receiving a HTTP redirect to a
service. The opaque ticket string is presented in the ticket request parameter. This
filter monitors the service URL so it can receive the service ticket and process it. The CAS server
knows which service URL to use via the ServiceProperties.getService() method.
Processing the service ticket involves creating a UsernamePasswordAuthenticationToken which
uses CAS_STATEFUL_IDENTIFIER for the principal and the opaque ticket string as the
credentials.
The configured AuthenticationManager is expected to provide a provider that can recognise
UsernamePasswordAuthenticationTokens containing this special principal name, and process
them accordingly by validation with the CAS server.
Do not use this class directly. Instead configure web.xml to use the FilterToBeanProxy.
| Modifier and Type | Field and Description |
|---|---|
static String |
CAS_STATEFUL_IDENTIFIER
Used to identify a CAS request for a stateful user agent, such as a web browser.
|
static String |
CAS_STATELESS_IDENTIFIER
Used to identify a CAS request for a stateless user agent, such as a remoting protocol client (eg
Hessian, Burlap, SOAP etc).
|
ACEGI_SAVED_REQUEST_KEY, ACEGI_SECURITY_LAST_EXCEPTION_KEY, authenticationDetailsSource, eventPublisher, logger, messages| Constructor and Description |
|---|
CasProcessingFilter() |
| Modifier and Type | Method and Description |
|---|---|
Authentication |
attemptAuthentication(javax.servlet.http.HttpServletRequest request)
Performs actual authentication.
|
String |
getDefaultFilterProcessesUrl()
This filter by default responds to
/j_acegi_cas_security_check. |
void |
init(javax.servlet.FilterConfig filterConfig)
Does nothing.
|
afterPropertiesSet, destroy, determineFailureUrl, determineTargetUrl, doFilter, getAuthenticationDetailsSource, getAuthenticationFailureUrl, getAuthenticationManager, getDefaultTargetUrl, getExceptionMappings, getFilterProcessesUrl, getRememberMeServices, isAlwaysUseDefaultTargetUrl, isContinueChainBeforeSuccessfulAuthentication, obtainFullRequestUrl, onPreAuthentication, onSuccessfulAuthentication, onUnsuccessfulAuthentication, requiresAuthentication, sendRedirect, setAlwaysUseDefaultTargetUrl, setApplicationEventPublisher, setAuthenticationDetailsSource, setAuthenticationFailureUrl, setAuthenticationManager, setBufferSize, setContinueChainBeforeSuccessfulAuthentication, setDefaultTargetUrl, setExceptionMappings, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setUseRelativeContext, successfulAuthentication, unsuccessfulAuthenticationpublic static final String CAS_STATEFUL_IDENTIFIER
public static final String CAS_STATELESS_IDENTIFIER
HttpSession will result in a new authentication attempt on every request.public Authentication attemptAuthentication(javax.servlet.http.HttpServletRequest request) throws AuthenticationException
AbstractProcessingFilterattemptAuthentication in class AbstractProcessingFilterrequest - from which to extract parameters and perform the
authenticationAuthenticationException - if authentication failspublic String getDefaultFilterProcessesUrl()
/j_acegi_cas_security_check.getDefaultFilterProcessesUrl in class AbstractProcessingFilterpublic void init(javax.servlet.FilterConfig filterConfig)
throws javax.servlet.ServletException
AbstractProcessingFilterinit in interface javax.servlet.Filterinit in class AbstractProcessingFilterfilterConfig - ignoredjavax.servlet.ServletException - ignoredCopyright © 2021. All rights reserved.