org.apache.shiro.cas
Class CasFilter
java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.AuthenticatingFilter
org.apache.shiro.cas.CasFilter
- All Implemented Interfaces:
- javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor
public class CasFilter
- extends org.apache.shiro.web.filter.authc.AuthenticatingFilter
This filter validates the CAS service ticket to authenticate the user. It must be configured on the URL recognized
by the CAS server. For example, in shiro.ini:
[main]
casFilter = org.apache.shiro.cas.CasFilter
...
[urls]
/shiro-cas = casFilter
...
(example: http://host:port/mycontextpath/shiro-cas)
- Since:
- 1.2
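A fuller shiro.ini showing where this filter sits in a CAS setup, as an added example that is not part of the original page. It assumes the CasRealm and CasSubjectFactory classes from the same org.apache.shiro.cas package; the host names, role name and error page path are placeholders.

```ini
[main]
# The filter documented on this page. It only handles the CAS callback URL.
casFilter = org.apache.shiro.cas.CasFilter
# Where onLoginFailure redirects when the ticket is missing or fails validation
# (placeholder path).
casFilter.failureUrl = /error.jsp

# Realm that validates the service ticket against the CAS server
# (placeholder hosts).
casRealm = org.apache.shiro.cas.CasRealm
casRealm.casServerUrlPrefix = https://cas.example.org/cas
# Must be the exact URL the filter is mapped to in [urls]: CAS issues the
# ticket for one service URL and validation fails if they differ.
casRealm.casService = https://app.example.org/mycontextpath/shiro-cas
# Role granted to every CAS-authenticated user (placeholder name).
casRealm.defaultRoles = ROLE_USER
securityManager.realms = $casRealm

casSubjectFactory = org.apache.shiro.cas.CasSubjectFactory
securityManager.subjectFactory = $casSubjectFactory

# Unauthenticated users hitting a protected path are sent to the CAS login
# page, with the filter URL as the service to return to.
roles.loginUrl = https://cas.example.org/cas/login?service=https://app.example.org/mycontextpath/shiro-cas

[urls]
# CAS redirects back here with the service ticket; CasFilter consumes it.
/shiro-cas = casFilter
/protected/** = roles[ROLE_USER]
/** = anon
```

Serving both the CAS server and the callback URL over HTTPS keeps the service ticket from crossing the network in clear text.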
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter |
PERMISSIVE |
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter |
DEFAULT_SUCCESS_URL |
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter |
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD |
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter |
appliedPaths, pathMatcher |
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter |
ALREADY_FILTERED_SUFFIX |
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter |
filterConfig |
Method Summary |
protected org.apache.shiro.authc.AuthenticationToken |
createToken(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which
the filter must be configured). |
protected boolean |
isAccessAllowed(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
Object mappedValue)
Returns false to always force authentication (user is never considered authenticated by this filter). |
protected boolean |
onAccessDenied(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
Execute login by creating token and logging subject
with this token. |
protected boolean |
onLoginFailure(org.apache.shiro.authc.AuthenticationToken token,
org.apache.shiro.authc.AuthenticationException ae,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already
authenticated, in which case redirect to the default success url. |
protected boolean |
onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
org.apache.shiro.subject.Subject subject,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
If login has been successful, redirect user to the original protected url. |
void |
setFailureUrl(String failureUrl)
|
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticatingFilter |
cleanup, createToken, createToken, executeLogin, getHost, isPermissive, isRememberMe |
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter |
getSuccessUrl, issueSuccessRedirect, setSuccessUrl |
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter |
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl |
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter |
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig |
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter |
afterCompletion, doFilterInternal, executeChain, postHandle |
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter |
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter |
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter |
getName, setName, toStringBuilder |
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter |
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig |
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport |
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString |
CasFilter
public CasFilter()
createToken
protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
throws Exception
- The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which
the filter must be configured).
- Specified by:
createToken in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
- Parameters:
request - the incoming request
response - the outgoing response
- Throws:
Exception - if there is an error processing the request.
onAccessDenied
protected boolean onAccessDenied(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
throws Exception
- Execute login by creating token and logging subject with this token.
- Specified by:
onAccessDenied in class org.apache.shiro.web.filter.AccessControlFilter
- Parameters:
request - the incoming request
response - the outgoing response
- Throws:
Exception - if there is an error processing the request.
isAccessAllowed
protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
Object mappedValue)
- Returns false to always force authentication (user is never considered authenticated by this filter).
- Overrides:
isAccessAllowed in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
- Parameters:
request - the incoming request
response - the outgoing response
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
- Returns:
false
onLoginSuccess
protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
org.apache.shiro.subject.Subject subject,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
throws Exception
- If login has been successful, redirect user to the original protected url.
- Overrides:
onLoginSuccess in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
- Parameters:
token - the token representing the current authentication
subject - the current authenticated subject
request - the incoming request
response - the outgoing response
- Throws:
Exception - if there is an error processing the request.
onLoginFailure
protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token,
org.apache.shiro.authc.AuthenticationException ae,
javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
- If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already
authenticated, in which case redirect to the default success url.
- Overrides:
onLoginFailure in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
- Parameters:
token - the token representing the current authentication
ae - the current authentication exception
request - the incoming request
response - the outgoing response
setFailureUrl
public void setFailureUrl(String failureUrl)
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.