org.apache.shiro.cas

Class CasFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authc.AuthenticationFilter

org.apache.shiro.web.filter.authc.AuthenticatingFilter

org.apache.shiro.cas.CasFilter

All Implemented Interfaces:

javax.servlet.Filter, Nameable, PathConfigProcessor

public class CasFilter
extends AuthenticatingFilter

This filter validates the CAS service ticket to authenticate the user. It must be configured on the URL recognized by the CAS server. For example, in shiro.ini:

 [main]
 casFilter = org.apache.shiro.cas.CasFilter
 ...

 [urls]
 /shiro-cas = casFilter
 ...
 

(example : http://host:port/mycontextpath/shiro-cas)

Since:

1.2

Field Summary

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

PERMISSIVE

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

DEFAULT_SUCCESS_URL

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
CasFilter()

Method Summary

Methods

Modifier and Type	Method and Description
protected AuthenticationToken	createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which the filter must be configured).
protected boolean	isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Returns false to always force authentication (user is never considered authenticated by this filter).
protected boolean	onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) Execute login by creating token and logging subject with this token.
protected boolean	onLoginFailure(AuthenticationToken token, AuthenticationException ae, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already authenticated, in which case redirect to the default success url.
protected boolean	onLoginSuccess(AuthenticationToken token, Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) If login has been successful, redirect user to the original protected url.
void	setFailureUrl(String failureUrl)

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter

cleanup, createToken, createToken, executeLogin, getHost, isPermissive, isRememberMe

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

getSuccessUrl, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

CasFilter

public CasFilter()

Method Detail

createToken

protected AuthenticationToken createToken(javax.servlet.ServletRequest request,
                              javax.servlet.ServletResponse response)
                                   throws Exception

The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which the filter must be configured).

Specified by:

createToken in class AuthenticatingFilter

Parameters:

request - the incoming request

response - the outgoing response

Throws:

Exception - if there is an error processing the request.

onAccessDenied

protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response)
                          throws Exception

Execute login by creating token and logging subject with this token.

Specified by:

onAccessDenied in class AccessControlFilter

Parameters:

request - the incoming request

response - the outgoing response

Throws:

Exception - if there is an error processing the request.

isAccessAllowed

protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                      javax.servlet.ServletResponse response,
                      Object mappedValue)

Returns false to always force authentication (user is never considered authenticated by this filter).

Overrides:

isAccessAllowed in class AuthenticatingFilter

Parameters:

request - the incoming request

response - the outgoing response

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

false

onLoginSuccess

protected boolean onLoginSuccess(AuthenticationToken token,
                     Subject subject,
                     javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response)
                          throws Exception

If login has been successful, redirect user to the original protected url.

Overrides:

onLoginSuccess in class AuthenticatingFilter

Parameters:

token - the token representing the current authentication

subject - the current authenticated subjet

request - the incoming request

response - the outgoing response

Throws:

Exception - if there is an error processing the request.

onLoginFailure

protected boolean onLoginFailure(AuthenticationToken token,
                     AuthenticationException ae,
                     javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response)

If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already authenticated, in which case redirect to the default success url.

Overrides:

onLoginFailure in class AuthenticatingFilter

Parameters:

token - the token representing the current authentication

ae - the current authentication exception

request - the incoming request

response - the outgoing response

setFailureUrl

public void setFailureUrl(String failureUrl)