org.apache.shiro.cas
Class CasRealm

java.lang.Object
  extended by org.apache.shiro.realm.CachingRealm
      extended by org.apache.shiro.realm.AuthenticatingRealm
          extended by org.apache.shiro.realm.AuthorizingRealm
              extended by org.apache.shiro.cas.CasRealm
All Implemented Interfaces:
LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable

public class CasRealm
extends AuthorizingRealm

This realm implementation acts as a CAS client to a CAS server for authentication and basic authorization.

This realm functions by inspecting a submitted CasToken (which essentially wraps a CAS service ticket) and validates it against the CAS server using a configured CAS TicketValidator.

The validationProtocol is CAS by default, which indicates that a Cas20ServiceTicketValidator will be used for ticket validation. You can alternatively set the validationProtocol so that the Saml11TicketValidator of the CAS client is used instead. The realm is based on AuthorizingRealm for both authentication and authorization. The user id and attributes are retrieved from the CAS service ticket validation response during the authentication phase. Roles and permissions are computed during the authorization phase (according to the attributes previously retrieved).

Since:
1.2
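
Added example (not part of the Shiro documentation or source): one way to build a CasRealm with the setters listed on this page, checking the two URLs that ticket validation depends on before they are applied. The class name, the helper requireHttps, the attribute names and the example.org URLs are assumptions made for illustration.

```java
import java.net.URI;
import org.apache.shiro.cas.CasRealm;

public final class CasRealmConfigExample {

    /** Hypothetical helper: rejects anything that is not an absolute https URL with a host. */
    private static String requireHttps(String name, String url) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            throw new IllegalArgumentException(name + " must be an absolute https URL: " + url);
        }
        return url;
    }

    static CasRealm buildRealm(String casServerUrlPrefix, String casService) {
        CasRealm realm = new CasRealm();
        // The ticket is validated by a back-channel call to this prefix; over
        // plain http the response (user id, attributes) cannot be trusted.
        realm.setCasServerUrlPrefix(requireHttps("casServerUrlPrefix", casServerUrlPrefix));
        // Must be the exact service URL the ticket was issued for.
        realm.setCasService(requireHttps("casService", casService));
        // Keep the default protocol explicit so a later change shows up in review.
        realm.setValidationProtocol(CasRealm.DEFAULT_VALIDATION_PROTOCOL);
        // Assumed attribute names: roles and permissions are computed only from
        // attributes the CAS server releases in the validation response.
        realm.setRoleAttributeNames("memberOf");
        realm.setPermissionAttributeNames("appPermissions");
        // defaultRoles / defaultPermissions are left unset: they would apply to
        // every authenticated user regardless of the attributes received.
        return realm;
    }

    public static void main(String[] args) {
        // Constructed sample URLs, not taken from the page.
        CasRealm realm = buildRealm("https://cas.example.org/cas",
                                    "https://app.example.org/shiro-cas");
        System.out.println(realm.getCasServerUrlPrefix() + " -> " + realm.getCasService());
    }
}
```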

Field Summary
static String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
           
static String DEFAULT_VALIDATION_PROTOCOL
           
 
Constructor Summary
CasRealm()
           
 
Method Summary
protected  org.jasig.cas.client.validation.TicketValidator createTicketValidator()
           
protected  AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
          Authenticates a user and retrieves its information.
protected  AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
          Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user: id + attributes).
protected  org.jasig.cas.client.validation.TicketValidator ensureTicketValidator()
           
 String getCasServerUrlPrefix()
           
 String getCasService()
           
 String getDefaultPermissions()
           
 String getDefaultRoles()
           
 String getPermissionAttributeNames()
           
 String getRememberMeAttributeName()
           
 String getRoleAttributeNames()
           
 String getValidationProtocol()
           
protected  void onInit()
          Initializes this realm and potentially enables a cache, depending on configuration.
 void setCasServerUrlPrefix(String casServerUrlPrefix)
           
 void setCasService(String casService)
           
 void setDefaultPermissions(String defaultPermissions)
           
 void setDefaultRoles(String defaultRoles)
           
 void setPermissionAttributeNames(String permissionAttributeNames)
           
 void setRememberMeAttributeName(String rememberMeAttributeName)
           
 void setRoleAttributeNames(String roleAttributeNames)
           
 void setValidationProtocol(String validationProtocol)
           
 
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver
 
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports
 
Methods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.util.Initializable
init
 

Field Detail

DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME

public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
See Also:
Constant Field Values

DEFAULT_VALIDATION_PROTOCOL

public static final String DEFAULT_VALIDATION_PROTOCOL
See Also:
Constant Field Values
Constructor Detail

CasRealm

public CasRealm()
Method Detail

onInit

protected void onInit()
Description copied from class: AuthorizingRealm
Initializes this realm and potentially enables a cache, depending on configuration.

When this method is called, the following logic is executed:

  1. If the cache property has been set, it will be used to cache the AuthorizationInfo objects returned from AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method invocations. All future calls to getAuthorizationInfo will attempt to use this cache first to alleviate any potentially unnecessary calls to an underlying data store.
  2. If the cache property has not been set, the cacheManager property will be checked. If a cacheManager has been set, it will be used to create an authorization cache, and this newly created cache will be used as specified in #1.
  3. If neither the (org.apache.shiro.cache.Cache) cache nor the cacheManager property is set, caching will be disabled and authorization look-ups will be delegated to subclass implementations for each authorization check.

Overrides:
onInit in class AuthorizingRealm

ensureTicketValidator

protected org.jasig.cas.client.validation.TicketValidator ensureTicketValidator()

createTicketValidator

protected org.jasig.cas.client.validation.TicketValidator createTicketValidator()

doGetAuthenticationInfo

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                                              throws AuthenticationException
Authenticates a user and retrieves its information.

Specified by:
doGetAuthenticationInfo in class AuthenticatingRealm
Parameters:
token - the authentication token
Returns:
an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
Throws:
AuthenticationException - if there is an error during authentication.

doGetAuthorizationInfo

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user: id + attributes).

Specified by:
doGetAuthorizationInfo in class AuthorizingRealm
Parameters:
principals - the primary identifying principals of the AuthorizationInfo that should be retrieved.
Returns:
the AuthorizationInfo associated with these principals.
See Also:
SimpleAuthorizationInfo

getCasServerUrlPrefix

public String getCasServerUrlPrefix()

setCasServerUrlPrefix

public void setCasServerUrlPrefix(String casServerUrlPrefix)

getCasService

public String getCasService()

setCasService

public void setCasService(String casService)

getValidationProtocol

public String getValidationProtocol()

setValidationProtocol

public void setValidationProtocol(String validationProtocol)

getRememberMeAttributeName

public String getRememberMeAttributeName()

setRememberMeAttributeName

public void setRememberMeAttributeName(String rememberMeAttributeName)

getDefaultRoles

public String getDefaultRoles()

setDefaultRoles

public void setDefaultRoles(String defaultRoles)

getDefaultPermissions

public String getDefaultPermissions()

setDefaultPermissions

public void setDefaultPermissions(String defaultPermissions)

getRoleAttributeNames

public String getRoleAttributeNames()

setRoleAttributeNames

public void setRoleAttributeNames(String roleAttributeNames)

getPermissionAttributeNames

public String getPermissionAttributeNames()

setPermissionAttributeNames

public void setPermissionAttributeNames(String permissionAttributeNames)


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.