org.jasig.portal.security.provider.cas
Class CasFilteredSecurityContext
java.lang.Object
org.jasig.portal.security.provider.ChainingSecurityContext
org.jasig.portal.security.provider.cas.CasFilteredSecurityContext
- All Implemented Interfaces:
- java.io.Serializable, ISecurityContext, ICasSecurityContext
public class CasFilteredSecurityContext
- extends ChainingSecurityContext
- implements ICasSecurityContext
CAS security context backed by the StaticCasReceiptCacherFilter.
This security context implements the approach of fronting uPortal login
with the CAS Java Servlet filters (specifically CASValidateFilter and
StaticCasReceiptCacherFilter), allowing the filters to do the "heavy lifting" of
performing the authentication and then just reading and using the
results here in the security context.
This approach dodges having to configure a constant service URL for
portal login and thereby affords flexibility for supporting parameters
on login for specifying the fname of a channel to jump to on authentication,
e.g.
Relies on the CASValidateFilter already having done any necessary ticket validation,
and the StaticCasReceiptCacherFilter having cached the receipt, keyed by the ticket.
Based on Susan Bramhall's YaleSecurityContext. Based on edu.yale.its.tp.portal.security.YaleCasFilteredContext
as distributed in the Yale CAS uPortal security provider module version 3.0.0.
- See Also:
- Serialized Form
Field Summary
private edu.yale.its.tp.cas.client.CASReceipt | receipt | Receipt stored here upon authenticate() invocation.
private static long | serialVersionUID |
Method Summary
void | authenticate() | We walk the chain of subcontexts assigning principals and opaque credentials from the parent.
int | getAuthType() | Returns the canonical authentication type for this flavor of authentication.
java.lang.String | getCasServiceToken(java.lang.String target) | Get a proxy ticket for a given target.
java.lang.String | toString() |
Methods inherited from class org.jasig.portal.security.provider.ChainingSecurityContext
addSubContext, doesSubContextExist, getAdditionalDescriptor, getOpaqueCredentials, getOpaqueCredentialsInstance, getPrincipal, getPrincipalInstance, getSubContext, getSubContextNames, getSubContexts, isAuthenticated
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
serialVersionUID
private static final long serialVersionUID
- See Also:
- Constant Field Values
receipt
private edu.yale.its.tp.cas.client.CASReceipt receipt
- Receipt stored here upon authenticate() invocation.
CasFilteredSecurityContext
CasFilteredSecurityContext()
getAuthType
public int getAuthType()
- Description copied from interface: ISecurityContext
- Returns the canonical authentication type for this flavor of
authentication. Each value returned should be either a globally registered
auth flavor or a local variant.
- Specified by: getAuthType in interface ISecurityContext
- Returns:
- The unique authentication value identifier. Values with the
high order 16 bits clear are local (0x0000 - 0x00FF) where values with the
high order 16 bits set (0xFF00 - 0xFFFF) are foundation types distributed
by JASIG. All others should be registered and globally unique.
authenticate
public void authenticate()
throws PortalSecurityException
- Description copied from class: ChainingSecurityContext
- We walk the chain of subcontexts assigning principals and opaque credentials
from the parent. Note that the contexts themselves should resist
actually performing the assignment if an assignment has already been made
to either the credentials or the UID.
- Specified by: authenticate in interface ISecurityContext
- Overrides: authenticate in class ChainingSecurityContext
- Throws: PortalSecurityException
- See Also: ISecurityContext.getPrincipalInstance(), ISecurityContext.getOpaqueCredentialsInstance()
getCasServiceToken
public java.lang.String getCasServiceToken(java.lang.String target)
throws CasProxyTicketAcquisitionException
- Description copied from interface: ICasSecurityContext
- Get a proxy ticket for a given target.
Implementations should return null if no PGTIOU or PGT is available by
which to obtain a proxy ticket.
Implementations should throw a CasProxyTicketAcquisitionException if
an error occurs during an attempt to obtain a PGT. In particular, inability
to contact the CAS server and expiration of the underlying PGT
should result in a CasProxyTicketAcquisitionException.
- Specified by: getCasServiceToken in interface ICasSecurityContext
- Parameters: target - URL for which a proxy ticket is desired.
- Returns: a valid proxy ticket for the target, or null.
- Throws: CasProxyTicketAcquisitionException
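A caller of getCasServiceToken has three outcomes to handle: a ticket, null (no PGT or PGTIOU available), or CasProxyTicketAcquisitionException. The sketch below is an added example, not uPortal code: the nested interface and exception are stand-ins that mirror only the signatures documented here, the URL and ticket value are constructed, and passing the ticket as a `ticket` query parameter is assumed to be how the target service consumes it.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class ProxyTicketCallerExample {

    // Stand-ins mirroring the signatures documented on this page so the example
    // compiles alone; in uPortal, use the real types instead.
    static class CasProxyTicketAcquisitionException extends Exception {
        CasProxyTicketAcquisitionException(String msg) { super(msg); }
    }
    interface ICasSecurityContext {
        String getCasServiceToken(String target) throws CasProxyTicketAcquisitionException;
    }

    /**
     * Returns the target URL with a proxy ticket appended, or the bare target when
     * the context has no PGT (null return). Acquisition errors propagate so the
     * caller can fail closed instead of silently calling the backend unauthenticated.
     */
    static String urlWithProxyTicket(ICasSecurityContext ctx, String target)
            throws CasProxyTicketAcquisitionException, UnsupportedEncodingException {
        String ticket = ctx.getCasServiceToken(target);
        if (ticket == null) {
            return target; // no PGT/PGTIOU: not an error, just no proxy authentication
        }
        String sep = target.indexOf('?') >= 0 ? "&" : "?";
        return target + sep + "ticket=" + URLEncoder.encode(ticket, "UTF-8");
    }

    public static void main(String[] args) throws Exception {
        String target = "https://backend.example.edu/app"; // constructed target URL
        ICasSecurityContext withPgt = t -> "PT-1-constructedTicketValue"; // constructed ticket
        ICasSecurityContext noPgt = t -> null;
        ICasSecurityContext expired = t -> {
            throw new CasProxyTicketAcquisitionException("PGT expired");
        };

        System.out.println(urlWithProxyTicket(withPgt, target));
        System.out.println(urlWithProxyTicket(noPgt, target));
        try {
            urlWithProxyTicket(expired, target);
        } catch (CasProxyTicketAcquisitionException e) {
            // Distinct from the null case: an attempt was made and failed.
            System.out.println("proxy ticket acquisition failed, backend not called: " + e.getMessage());
        }
    }
}
```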
toString
public java.lang.String toString()
- Overrides: toString in class java.lang.Object