provided mechanism to get a proxy ticket
Scott Battaglia 2008-06-18 17:34:14 +00:00
parent d7f194df78
commit 5b089aea16
4 changed files with 77 additions and 13 deletions


@ -15,6 +15,11 @@
package org.springframework.security.ui.cas; package org.springframework.security.ui.cas;
import java.io.IOException;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.security.Authentication; import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException; import org.springframework.security.AuthenticationException;
@ -24,6 +29,7 @@ import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.FilterChainOrder; import org.springframework.security.ui.FilterChainOrder;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
/** /**
@ -38,6 +44,10 @@ import javax.servlet.http.HttpServletRequest;
* <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise * <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
* <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process * <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
* them accordingly by validation with the CAS server.</p> * them accordingly by validation with the CAS server.</p>
* <p>By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the CasProcessingFilter
* one can have the CasProcessingFilter handle the proxying requirements for CAS. In addition, the URI endpoint for the proxying
* would also need to be configured (i.e. the part after protocol, hostname, and port).
*
* <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
* org.springframework.security.util.FilterToBeanProxy}.</p> * org.springframework.security.util.FilterToBeanProxy}.</p>
* *
@ -57,8 +67,17 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
*/ */
public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_"; public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
//~ Methods ======================================================================================================== /**
* The last portion of the receptor url, i.e. /proxy/receptor
*/
private String proxyReceptorUrl;
/**
* The backing storage to store ProxyGrantingTicket requests.
*/
private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
//~ Methods ========================================================================================================
public Authentication attemptAuthentication(final HttpServletRequest request) public Authentication attemptAuthentication(final HttpServletRequest request)
throws AuthenticationException { throws AuthenticationException {
final String username = CAS_STATEFUL_IDENTIFIER; final String username = CAS_STATEFUL_IDENTIFIER;
@ -87,4 +106,35 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
public int getOrder() { public int getOrder() {
return FilterChainOrder.CAS_PROCESSING_FILTER; return FilterChainOrder.CAS_PROCESSING_FILTER;
} }
/**
* Overridden to provide proxying capabilities.
*/
protected boolean requiresAuthentication(final HttpServletRequest request,
final HttpServletResponse response) {
final String requestUri = request.getRequestURI();
if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
return super.requiresAuthentication(request, response);
}
try {
CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
return false;
} catch (final IOException e) {
return super.requiresAuthentication(request, response);
}
}
public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
this.proxyReceptorUrl = proxyReceptorUrl;
}
public final void setProxyGrantingTicketStorage(
final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
}
} }
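Review bot: The `catch (final IOException e)` branch of requiresAuthentication drops the exception and falls back to `super.requiresAuthentication(request, response)`, so a failed proxy-granting-ticket callback leaves no log entry and the request is then handled as an ordinary one, even though the response may already be partly written. I would log the failure and stop there, e.g. `logger.warn("Could not process CAS proxy receptor request", e); return false;` (assuming the superclass exposes a `logger`, which is not visible here). The match itself, `requestUri.endsWith(this.proxyReceptorUrl)`, accepts any path with that suffix and runs on the raw request URI, so the Javadoc on `proxyReceptorUrl` should say the value must be specific enough not to collide with application URLs. The new method also lacks `@param`/`@return` documentation stating that `false` means the callback was answered here.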


@ -10,11 +10,11 @@ client - this contains the actual sample web application which uses the cas serv
Running the CAS Server Running the CAS Server
----------------------- -----------------------
You first need to download the CAS server 3.2 distribution from You first need to download the CAS server 3.2.1 distribution from
http://www.ja-sig.org/products/cas/downloads/index.html http://www.ja-sig.org/products/cas/downloads/index.html
You only need the modules/cas-server-webapp-3.2.war web application file from the distribution. Copy this to the You only need the modules/cas-server-webapp-3.2.1.war web application file from the distribution. Copy this to the
"server" directory inside the one that contains this readme file (i.e. copy it to samples/cas/server). "server" directory inside the one that contains this readme file (i.e. copy it to samples/cas/server).
You can then run the CAS server (from the same) by executing the maven command You can then run the CAS server (from the same) by executing the maven command
@ -34,7 +34,7 @@ Running the Client Application
Leave the server running and start up a separate command window to run the sample application. Change to the directory Leave the server running and start up a separate command window to run the sample application. Change to the directory
samples/cas/client and execute the command samples/cas/client and execute the command
mvn:jetty-run mvn jetty:run
This should start the sample application on This should start the sample application on


@ -11,7 +11,6 @@
<sec:logout /> <sec:logout />
</sec:http> </sec:http>
<sec:authentication-manager alias="authenticationManager"/> <sec:authentication-manager alias="authenticationManager"/>
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter"> <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
@ -19,6 +18,8 @@
<property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureUrl" value="/casfailed.jsp"/> <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
<property name="defaultTargetUrl" value="/"/> <property name="defaultTargetUrl" value="/"/>
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
<property name="proxyReceptorUrl" value="/secure/receptor" />
</bean> </bean>
<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint"> <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
@ -33,11 +34,15 @@
<property name="ticketValidator"> <property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://localhost:9443/cas" /> <constructor-arg index="0" value="https://localhost:9443/cas" />
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
<property name="proxyCallbackUrl" value="https://localhost:8443/cas-sample/secure/receptor" />
</bean> </bean>
</property> </property>
<property name="key" value="an_id_for_this_auth_provider_only"/> <property name="key" value="an_id_for_this_auth_provider_only"/>
</bean> </bean>
<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties"> <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service" value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/> <property name="service" value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/>
<property name="sendRenew" value="false"/> <property name="sendRenew" value="false"/>
@ -48,5 +53,4 @@
<sec:user name="dianne" password="dianne" authorities="ROLE_USER" /> <sec:user name="dianne" password="dianne" authorities="ROLE_USER" />
<sec:user name="scott" password="scott" authorities="ROLE_USER" /> <sec:user name="scott" password="scott" authorities="ROLE_USER" />
</sec:user-service> </sec:user-service>
</beans> </beans>
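Review bot: The receptor path is written twice, as `proxyReceptorUrl` `/secure/receptor` on casProcessingFilter and as the tail of `proxyCallbackUrl` on the Cas20ServiceTicketValidator, and nothing in the file says the two must agree. Because the filter matches the request by suffix, a mismatch would mean the CAS server's callback is never stored and proxy tickets fail without an obvious error. I would add a comment above the filter property, `<!-- must equal the path portion of proxyCallbackUrl on the ticket validator -->`. The intercept-url rules of the `sec:http` block start outside this hunk, so it is worth confirming that the server's unauthenticated callback to `/secure/receptor` is not blocked by a rule covering `/secure/**`.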


@ -17,7 +17,7 @@
<version>6.1.7</version> <version>6.1.7</version>
<configuration> <configuration>
<contextPath>/cas</contextPath> <contextPath>/cas</contextPath>
<webApp>${basedir}/cas-server-webapp-3.2.war</webApp> <webApp>${basedir}/cas-server-webapp-3.2.1.war</webApp>
<connectors> <connectors>
<connector implementation="org.mortbay.jetty.security.SslSocketConnector"> <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
<port>9443</port> <port>9443</port>
@ -30,6 +30,16 @@
<needClientAuth>false</needClientAuth> <needClientAuth>false</needClientAuth>
</connector> </connector>
</connectors> </connectors>
<systemProperties>
<systemProperty>
<name>javax.net.ssl.trustStore</name>
<value>../../certificates/server.jks</value>
</systemProperty>
<systemProperty>
<name>javax.net.ssl.trustStorePassword</name>
<value>password</value>
</systemProperty>
</systemProperties>
</configuration> </configuration>
</plugin> </plugin>
</plugins> </plugins>
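Review bot: The new `javax.net.ssl.trustStore` value `../../certificates/server.jks` is a relative path that the JVM resolves against its working directory, whereas the `webApp` entry in the same configuration is anchored with `${basedir}`. Running Maven from another directory would then leave the server without the intended trust store, and the proxy callback over HTTPS would fail certificate validation. I would write `<value>${basedir}/../../certificates/server.jks</value>`. The literal `password` next to it should carry a comment such as `<!-- sample keystore only; never reuse this store or password outside the demo -->`, since the file name suggests the same JKS also holds the server key (not confirmed from this hunk).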