Class CasFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.apache.shiro.lang.util.Nameable

public class CasFilter extends AuthenticatingFilter
This filter validates the CAS service ticket to authenticate the user. It must be configured on the URL recognized by the CAS server. For example, in shiro.ini:
 [main]
 casFilter = org.apache.shiro.cas.CasFilter
 ...

 [urls]
 /shiro-cas = casFilter
 ...
 
(example: http://host:port/mycontextpath/shiro-cas)
Since:
1.2
  • Field Summary

    Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    ALREADY_FILTERED_SUFFIX

    Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

    filterConfig
  • Constructor Summary

    Constructors
    Constructor
    Description
    CasFilter(LoginContextService loginContextService)
     
  • Method Summary

    Modifier and Type
    Method
    Description
    protected org.apache.shiro.authc.AuthenticationToken
    createToken(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service URL (on which the filter must be configured).
    protected boolean
    isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue)
    Returns false to always force authentication (user is never considered authenticated by this filter).
    protected boolean
    onAccessDenied(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    Executes the login by creating a token and logging the subject in with this token.
    protected boolean
    onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException ae, jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    If login has failed, redirects the user to the CAS error page (no ticket or ticket validation failed), except if the user is already authenticated, in which case redirects to the default success URL.
    protected boolean
    onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
    If login has been successful, redirects the user to the original protected URL.
    void
    setFailureUrl(String failureUrl)
     

    Methods inherited from class org.tynamo.security.shiro.authc.AuthenticatingFilter

    createToken, createToken, executeLogin, getHost, isRememberMe

    Methods inherited from class org.tynamo.security.shiro.authc.AuthenticationFilter

    issueSuccessRedirect

    Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

    afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

    Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

    doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

    Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

    getName, setName, toStringBuilder

    Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

    destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

    Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

    getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

  • Method Details

    • createToken

      protected org.apache.shiro.authc.AuthenticationToken createToken(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
      The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service URL (on which the filter must be configured).
      Specified by:
      createToken in class AuthenticatingFilter
      Parameters:
      request - the incoming request
      response - the outgoing response
      Throws:
      Exception - if there is an error processing the request.
    • onAccessDenied

      protected boolean onAccessDenied(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
      Executes the login by creating a token and logging the subject in with this token.
      Specified by:
      onAccessDenied in class AccessControlFilter
      Parameters:
      request - the incoming request
      response - the outgoing response
      Returns:
      true if the request should continue to be processed; false if the subclass will handle/render the response directly.
      Throws:
      Exception - if there is an error processing the request.
    • isAccessAllowed

      protected boolean isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue)
      Returns false to always force authentication (user is never considered authenticated by this filter).
      Overrides:
      isAccessAllowed in class AuthenticationFilter
      Parameters:
      request - the incoming request
      response - the outgoing response
      mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
      Returns:
      false
    • onLoginSuccess

      protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
      If login has been successful, redirects the user to the original protected URL.
      Overrides:
      onLoginSuccess in class AuthenticatingFilter
      Parameters:
      token - the token representing the current authentication
      subject - the current authenticated subject
      request - the incoming request
      response - the outgoing response
      Throws:
      Exception - if there is an error processing the request.
    • onLoginFailure

      protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException ae, jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response)
      If login has failed, redirects the user to the CAS error page (no ticket or ticket validation failed), except if the user is already authenticated, in which case redirects to the default success URL.
      Overrides:
      onLoginFailure in class AuthenticatingFilter
      Parameters:
      token - the token representing the current authentication
      ae - the current authentication exception
      request - the incoming request
      response - the outgoing response
    • setFailureUrl

      public void setFailureUrl(String failureUrl)