org.apache.shiro.cas
Class CasFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.AccessControlFilter
                              extended by org.apache.shiro.web.filter.authc.AuthenticationFilter
                                  extended by org.apache.shiro.web.filter.authc.AuthenticatingFilter
                                      extended by org.apache.shiro.cas.CasFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor

public class CasFilter
extends AuthenticatingFilter

This filter validates the CAS service ticket to authenticate the user. It must be configured on the URL recognized by the CAS server. For example, in shiro.ini:

 [main]
 casFilter = org.apache.shiro.cas.CasFilter
 ...

 [urls]
 /shiro-cas = casFilter
 ...
 
(example : http://host:port/mycontextpath/shiro-cas)

Since:
1.2

Field Summary
 
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter
PERMISSIVE
 
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL
 
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
CasFilter()
           
 
Method Summary
protected  AuthenticationToken createToken(ServletRequest request, ServletResponse response)
          The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which the filter must be configured).
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Returns false to always force authentication (user is never considered authenticated by this filter).
protected  boolean onAccessDenied(ServletRequest request, ServletResponse response)
          Execute login by creating token and logging subject with this token.
protected  boolean onLoginFailure(AuthenticationToken token, AuthenticationException ae, ServletRequest request, ServletResponse response)
          If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already authenticated, in which case redirect to the default success url.
protected  boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
          If login has been successful, redirect user to the original protected url.
 void setFailureUrl(String failureUrl)
           
 
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter
cleanup, createToken, createToken, executeLogin, getHost, isPermissive, isRememberMe
 
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, issueSuccessRedirect, setSuccessUrl
 
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

CasFilter

public CasFilter()
Method Detail

createToken

protected AuthenticationToken createToken(ServletRequest request,
                                          ServletResponse response)
                                   throws Exception
The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which the filter must be configured).

Specified by:
createToken in class AuthenticatingFilter
Parameters:
request - the incoming request
response - the outgoing response
Throws:
Exception - if there is an error processing the request.

onAccessDenied

protected boolean onAccessDenied(ServletRequest request,
                                 ServletResponse response)
                          throws Exception
Execute login by creating token and logging subject with this token.

Specified by:
onAccessDenied in class AccessControlFilter
Parameters:
request - the incoming request
response - the outgoing response
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
Exception - if there is an error processing the request.

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
Returns false to always force authentication (user is never considered authenticated by this filter).

Overrides:
isAccessAllowed in class AuthenticatingFilter
Parameters:
request - the incoming request
response - the outgoing response
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
false

onLoginSuccess

protected boolean onLoginSuccess(AuthenticationToken token,
                                 Subject subject,
                                 ServletRequest request,
                                 ServletResponse response)
                          throws Exception
If login has been successful, redirect user to the original protected url.

Overrides:
onLoginSuccess in class AuthenticatingFilter
Parameters:
token - the token representing the current authentication
subject - the current authenticated subjet
request - the incoming request
response - the outgoing response
Throws:
Exception - if there is an error processing the request.

onLoginFailure

protected boolean onLoginFailure(AuthenticationToken token,
                                 AuthenticationException ae,
                                 ServletRequest request,
                                 ServletResponse response)
If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already authenticated, in which case redirect to the default success url.

Overrides:
onLoginFailure in class AuthenticatingFilter
Parameters:
token - the token representing the current authentication
ae - the current authentication exception
request - the incoming request
response - the outgoing response

setFailureUrl

public void setFailureUrl(String failureUrl)


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.