/* Copyright (c) 2000-2004 Yale University. All rights reserved.
* See full notice at end.
*/
package edu.yale.its.tp.cas.client.filter;
import java.io.*;
import java.net.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import edu.yale.its.tp.cas.client.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* <p>Protects web-accessible resources with CAS.</p>
*
* <p>The following filter initialization parameters are declared in
* <code>web.xml</code>:</p>
*
* <ul>
* <li><code>edu.yale.its.tp.cas.client.filter.loginUrl</code>: URL to
* login page on CAS server. (Required)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.validateUrl</code>: URL
* to validation URL on CAS server. (Required)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.serviceUrl</code>: URL
* of this service. (Required if <code>serverName</code> is not
* specified)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.serverName</code>: full
* hostname with port number (e.g. <code>www.foo.com:8080</code>).
* Port number isn't required if it is standard (80 for HTTP, 443 for
* HTTPS). (Required if <code>serviceUrl</code> is not specified)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.authorizedProxy</code>:
* whitespace-delimited list of valid proxies through which authentication
* may have proceeded. One one proxy must match. (Optional. If nothing
* is specified, the filter will only accept service tickets – not
* proxy tickets.)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.proxyCallbackUrl</code>:
* URL of local proxy callback listener used to acquire PGT/PGTIOU.
* (Optional.)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.renew</code>: value of
* CAS "renew" parameter. Bypasses single sign-on and requires user
* to provide CAS with his/her credentials again. (Optional. If nothing
* is specified, this defaults to false.)</li>
* <li><code>edu.yale.its.tp.cas.client.filter.gateway</code>: value of
* CAS "gateway" parameter. Redirects initial call through CAS and if
* the user has logged in, validates the ticket on return. If the user
* has not logged in, returns to the web application without setting
* the <code>CAS_FILTER_USER</code> variable. Note that once a redirect
* through CAS has occurred, the filter will not automatically try again
* to log the user in. You can then either provide an explicit CAS login
* link (<code>https://cas-server/cas/login?service=http://your-app</code>)
* or set up two instances of the filter mapped to different paths. One
* instance would have gateway=true, the other wouldn't. When you need
* the user to be logged in, direct him/her to the path of the other
* filter.</li>
* <li><code>edu.yale.its.tp.cas.client.filter.wrapRequest</code>:
* wrap the <code>HttpServletRequest</code> object, overriding the
* <code>getRemoteUser()</code> method. When set to "true",
* <code>request.getRemoteUser()</code> will return the username of the
* currently logged-in CAS user. (Optional. If nothing is specified,
* this defaults to false.)</li>
* </ul>
*
* <p>The logged-in username is set in the session attribute defined by
* the value of <code>CAS_FILTER_USER</code> and may be accessed from within
* your application either by setting <code>wrapRequest</code> and calling
* <code>request.getRemoteUser()</code>, or by calling
* <code>session.getAttribute(CASFilter.CAS_FILTER_USER)</code>.</p>
*
* <p>If <code>proxyCallbackUrl</code> is set, the URL will be passed to
* CAS upon validation. If the callback URL is valid, it will receive a
* CAS PGT and a PGTIOU. The PGTIOU will be returned to this filter and
* will be accessible through the session attribute,
* <code>CASFilter.CAS_FILTER_PGTIOU</code>. You may then acquire
* proxy tickets to other services by calling
* <code>edu.yale.its.tp.cas.proxy.ProxyTicketReceptor.getProxyTicket(pgtIou, targetService)</code>.
*
* @author Shawn Bayern
* @author Drew Mazurek
* @author andrew.petro@yale.edu
*/
public class CASFilter implements Filter {
private static Log log = LogFactory.getLog(CASFilter.class);
// Filter initialization parameters
/** The name of the filter initialization parameter the value of which should be the https: address
* of the CAS Login servlet. Optional parameter, but required for successful redirection of unauthenticated
* requests to authentication.
*/
public final static String LOGIN_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.loginUrl";
/** The name of the filter initialization parameter the value of which must be the https: address
* of the CAS Validate servlet. Must be a CAS 2.0 validate servlet (CAS 1.0 non-XML won't suffice).
* Required parameter.
*/
public final static String VALIDATE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.validateUrl";
/** The name of the filter initialization parameter the value of which must be the address
* of the service this filter is filtering. The filter will use this as
* the service parameter for CAS login and validation. Either this parameter or SERVERNAME_INIT_PARAM must be set.
*/
public final static String SERVICE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serviceUrl";
/** The name of the filter initialization parameter the vlaue of which must be the server name,
* e.g. www.yale.edu , of the service this filter is filtering. The filter will construct from this name
* and the request the full service parameter for CAS login and validation.
*/
public final static String SERVERNAME_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serverName";
/** The name of the filter initialization parameter the value of which must be the String
* that should be sent as the "renew" parameter on the request for login and validation.
* This should either be "true" or not be set. It is mutually exclusive with GATEWAY.
*/
public final static String RENEW_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.renew";
/** The name of the filter initialization parameter the value of which must be a whitespace
* delimited list of services (ProxyTicketReceptors) authorized to proxy authentication to the
* service filtered by this Filter. These must be https: URLs. This parameter is optional -
* not setting it results in no proxy tickets being acceptable.
*/
public final static String AUTHORIZED_PROXY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.authorizedProxy";
/** The name of the filter initialization parameter the value of which must be the https: URL
* to which CAS should send Proxy Granting Tickets when this filter validates tickets.
*/
public final static String PROXY_CALLBACK_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.proxyCallbackUrl";
/** The name of the filter initialization parameter the value of which indicates
* whether this filter should wrap requests to expose the authenticated username.
*/
public final static String WRAP_REQUESTS_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.wrapRequest";
/** The name of the filter initialization parameter the value of which is the value the Filter
* should send for the gateway parameter on the CAS login request.
*/
public final static String GATEWAY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.gateway";
// Session attributes used by this filter
/** <p>Session attribute in which the username is stored.</p> */
public final static String CAS_FILTER_USER =
"edu.yale.its.tp.cas.client.filter.user";
/**
* Session attribute in which the CASReceipt is stored.
*/
public final static String CAS_FILTER_RECEIPT =
"edu.yale.its.tp.cas.client.filter.
没有合适的资源?快使用搜索试试~ 我知道了~
casclient-2.1.1 源码
共21个文件
java:21个
5星 · 超过95%的资源 需积分: 10 65 下载量 9 浏览量
2009-01-08
20:21:09
上传
评论
收藏 53KB ZIP 举报
温馨提示
casclient-2.1.1 源码,casclient-2.1.1 源码casclient-2.1.1 源码casclient-2.1.1 源码casclient-2.1.1 源码
资源推荐
资源详情
资源评论
收起资源包目录
edu.zip (21个子文件)
edu
yale
its
tp
cas
client
filter
CASFilterRequestWrapper.java 3KB
StaticCasReceiptCacherFilter.java 5KB
SimpleCASAuthorizationFilter.java 4KB
ProxyChainScrutinizerFilter.java 9KB
CASValidateFilter.java 17KB
CASFilter.java 25KB
CASReceipt.java 12KB
Util.java 4KB
CASAuthenticationException.java 2KB
ProxyTicketValidator.java 5KB
taglib
LogoutTag.java 4KB
LoginUrlTag.java 2KB
AuthorizedProxyTag.java 2KB
ServiceTag.java 2KB
ValidateUrlTag.java 2KB
AuthTag.java 7KB
ServiceTicketValidator.java 11KB
util
SecureURL.java 4KB
proxy
ProxyTicketReceptor.java 8KB
ProxyEchoFilter.java 7KB
ProxyGrantingTicket.java 5KB
共 21 条
- 1
资源评论
- 易水寒_0992016-04-05资源不错 感谢分享
- canata_losing2013-09-03源码,正需要,谢谢啦
- lnx_temp2013-07-01正是我需要的,cas源码官网下载不了
ww2028
- 粉丝: 0
- 资源: 3
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功