org.apache.shiro.cas
Class CasRealm
java.lang.Object
org.apache.shiro.realm.CachingRealm
org.apache.shiro.realm.AuthenticatingRealm
org.apache.shiro.realm.AuthorizingRealm
org.apache.shiro.cas.CasRealm
- All Implemented Interfaces:
- org.apache.shiro.authc.LogoutAware, org.apache.shiro.authz.Authorizer, org.apache.shiro.authz.permission.PermissionResolverAware, org.apache.shiro.authz.permission.RolePermissionResolverAware, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.realm.Realm, org.apache.shiro.util.Initializable, org.apache.shiro.util.Nameable
public class CasRealm
- extends org.apache.shiro.realm.AuthorizingRealm
This realm implementation acts as a CAS client to a CAS server for authentication and basic authorization.
This realm functions by inspecting a submitted CasToken
(which essentially
wraps a CAS service ticket) and validates it against the CAS server using a configured CAS
TicketValidator
.
The validationProtocol
is CAS
by default, which indicates that a
a Cas20ServiceTicketValidator
will be used for ticket validation. You can alternatively set
or Saml11TicketValidator
of CAS client. It is based on
AuthorizingRealm
for both authentication and authorization. User id and attributes are retrieved from the CAS
service ticket validation response during authentication phase. Roles and permissions are computed during authorization phase (according
to the attributes previously retrieved).
- Since:
- 1.2
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm |
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver |
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm |
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports |
Methods inherited from class org.apache.shiro.realm.CachingRealm |
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.shiro.util.Initializable |
init |
DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
- See Also:
- Constant Field Values
DEFAULT_VALIDATION_PROTOCOL
public static final String DEFAULT_VALIDATION_PROTOCOL
- See Also:
- Constant Field Values
CasRealm
public CasRealm()
onInit
protected void onInit()
- Overrides:
onInit
in class org.apache.shiro.realm.AuthorizingRealm
ensureTicketValidator
protected org.jasig.cas.client.validation.TicketValidator ensureTicketValidator()
createTicketValidator
protected org.jasig.cas.client.validation.TicketValidator createTicketValidator()
doGetAuthenticationInfo
protected org.apache.shiro.authc.AuthenticationInfo doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken token)
throws org.apache.shiro.authc.AuthenticationException
- Authenticates a user and retrieves its information.
- Specified by:
doGetAuthenticationInfo
in class org.apache.shiro.realm.AuthenticatingRealm
- Parameters:
token
- the authentication token
- Throws:
org.apache.shiro.authc.AuthenticationException
- if there is an error during authentication.
doGetAuthorizationInfo
protected org.apache.shiro.authz.AuthorizationInfo doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection principals)
- Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user : id + attributes).
- Specified by:
doGetAuthorizationInfo
in class org.apache.shiro.realm.AuthorizingRealm
- Parameters:
principals
- the primary identifying principals of the AuthorizationInfo that should be retrieved.
- Returns:
- the AuthorizationInfo associated with this principals.
getCasServerUrlPrefix
public String getCasServerUrlPrefix()
setCasServerUrlPrefix
public void setCasServerUrlPrefix(String casServerUrlPrefix)
getCasService
public String getCasService()
setCasService
public void setCasService(String casService)
getValidationProtocol
public String getValidationProtocol()
setValidationProtocol
public void setValidationProtocol(String validationProtocol)
getRememberMeAttributeName
public String getRememberMeAttributeName()
setRememberMeAttributeName
public void setRememberMeAttributeName(String rememberMeAttributeName)
getDefaultRoles
public String getDefaultRoles()
setDefaultRoles
public void setDefaultRoles(String defaultRoles)
getDefaultPermissions
public String getDefaultPermissions()
setDefaultPermissions
public void setDefaultPermissions(String defaultPermissions)
getRoleAttributeNames
public String getRoleAttributeNames()
setRoleAttributeNames
public void setRoleAttributeNames(String roleAttributeNames)
getPermissionAttributeNames
public String getPermissionAttributeNames()
setPermissionAttributeNames
public void setPermissionAttributeNames(String permissionAttributeNames)
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.