org.jasig.portal.security.provider.cas
Class CasFilteredSecurityContext

java.lang.Object
  extended by org.jasig.portal.security.provider.ChainingSecurityContext
      extended by org.jasig.portal.security.provider.cas.CasFilteredSecurityContext
All Implemented Interfaces:
java.io.Serializable, ISecurityContext, ICasSecurityContext

public class CasFilteredSecurityContext
extends ChainingSecurityContext
implements ICasSecurityContext

CAS security context backed by the StaticCasReceiptCacherFilter. This security context implements the approach of fronting uPortal login with the CAS Java Servlet filters (specifically CASValidateFilter and StaticCasReceiptCacherFilter), allowing the filters to do the "heavy lifting" of performing the authentication and then just reading and using the results here in the security context. This approach dodges having to configure a constant service URL for portal login and thereby affords flexibility for supporting parameters on login for specifying the fname of a channel to jump to on authentication, e.g. Relies on the CASValidationFilter already having done any necessary ticket validation, and the StaticCasReceiptCacherFilter having cached the receipt, keyed by the ticket. Based on Susan Bramhall's YaleSecurityContext. Based on edu.yale.its.tp.portal.security.YaleCasFilteredContext as distributed in the Yale CAS uPortal security provider module version 3.0.0.

See Also:
Serialized Form

Nested Class Summary
 
Nested classes/interfaces inherited from class org.jasig.portal.security.provider.ChainingSecurityContext
ChainingSecurityContext.ChainingAdditionalDescriptor, ChainingSecurityContext.ChainingOpaqueCredentials, ChainingSecurityContext.ChainingPrincipal
 
Field Summary
private  edu.yale.its.tp.cas.client.CASReceipt receipt
          Receipt stored here upon authenticate() invocation.
private static long serialVersionUID
           
 
Fields inherited from class org.jasig.portal.security.provider.ChainingSecurityContext
isauth, log, myAdditionalDescriptor, myOpaqueCredentials, myOrder, myPrincipal, mySubContexts, stopWhenAuthenticated
 
Fields inherited from interface org.jasig.portal.security.provider.cas.ICasSecurityContext
CAS_AUTHTYPE
 
Constructor Summary
CasFilteredSecurityContext()
           
 
Method Summary
 void authenticate()
          We walk the chain of subcontext assigning principals and opaquecredentials from the parent.
 int getAuthType()
          Returns the canonical authentication type for this flavor of authentication.
 java.lang.String getCasServiceToken(java.lang.String target)
          Get a proxy ticket for a given target.
 java.lang.String toString()
           
 
Methods inherited from class org.jasig.portal.security.provider.ChainingSecurityContext
addSubContext, doesSubContextExist, getAdditionalDescriptor, getOpaqueCredentials, getOpaqueCredentialsInstance, getPrincipal, getPrincipalInstance, getSubContext, getSubContextNames, getSubContexts, isAuthenticated
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

serialVersionUID

private static final long serialVersionUID
See Also:
Constant Field Values

receipt

private edu.yale.its.tp.cas.client.CASReceipt receipt
Receipt stored here upon authenticate() invocation.

Constructor Detail

CasFilteredSecurityContext

CasFilteredSecurityContext()
Method Detail

getAuthType

public int getAuthType()
Description copied from interface: ISecurityContext
Returns the canonical authentication type for this flavor of authentication. Each value returned should be either a globally registered auth flavor or a local variant.

Specified by:
getAuthType in interface ISecurityContext
Returns:
The unique authentication value identifier. Values with the high order 16 bits clear are local (0x0000 - 0x00FF) where values with the high order 16 bits set (0xFF00 - 0xFFFF are foundation types distributed by JASIG. All other should be registered and globally unique.

authenticate

public void authenticate()
                  throws PortalSecurityException
Description copied from class: ChainingSecurityContext
We walk the chain of subcontext assigning principals and opaquecredentials from the parent. Note that the contexts themselves should resist actually performing the assignment if an assignment has already been made to either the credentials or the UID.

Specified by:
authenticate in interface ISecurityContext
Overrides:
authenticate in class ChainingSecurityContext
Throws:
PortalSecurityException
See Also:
ISecurityContext.getPrincipalInstance(), ISecurityContext.getOpaqueCredentialsInstance()

getCasServiceToken

public java.lang.String getCasServiceToken(java.lang.String target)
                                    throws CasProxyTicketAcquisitionException
Description copied from interface: ICasSecurityContext
Get a proxy ticket for a given target. Implementations should return null if no PGTIOU or PGT is available by which to obtain a proxy ticket. Implementations should throw a CASProxyTicketAcquisitionException if an error occurs during an attempt to obtain a PGT. In particular, inability to contact the CAS server and expiration of the underlying PGT should result in a CASProxyTicketAcquisitionException.

Specified by:
getCasServiceToken in interface ICasSecurityContext
Parameters:
target - - URL for which a proxy ticket is desired.
Returns:
a valid proxy ticket for the target, or null.
Throws:
CasProxyTicketAcquisitionException

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object