CasRealm (Apache Shiro 1.2.4 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.cas
Class CasRealm

java.lang.Object
  org.apache.shiro.realm.CachingRealm
      org.apache.shiro.realm.AuthenticatingRealm
          org.apache.shiro.realm.AuthorizingRealm
              org.apache.shiro.cas.CasRealm

All Implemented Interfaces:: LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable

public class CasRealm
extends AuthorizingRealm
extends AuthorizingRealm

This realm implementation acts as a CAS client to a CAS server for authentication and basic authorization.

This realm functions by inspecting a submitted CasToken (which essentially wraps a CAS service ticket) and validates it against the CAS server using a configured CAS TicketValidator.

The validationProtocol is CAS by default, which indicates that a a Cas20ServiceTicketValidator will be used for ticket validation. You can alternatively set or Saml11TicketValidator of CAS client. It is based on AuthorizingRealm for both authentication and authorization. User id and attributes are retrieved from the CAS service ticket validation response during authentication phase. Roles and permissions are computed during authorization phase (according to the attributes previously retrieved).

Since:: 1.2

Field Summary
`static String`	`DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME`
`static String`	`DEFAULT_VALIDATION_PROTOCOL`

Constructor Summary
`CasRealm()`

Method Summary
`protected org.jasig.cas.client.validation.TicketValidator`	`createTicketValidator()`
`protected AuthenticationInfo`	`doGetAuthenticationInfo(AuthenticationToken token)` Authenticates a user and retrieves its information.
`protected AuthorizationInfo`	`doGetAuthorizationInfo(PrincipalCollection principals)` Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user : id + attributes).
`protected org.jasig.cas.client.validation.TicketValidator`	`ensureTicketValidator()`
`String`	`getCasServerUrlPrefix()`
`String`	`getCasService()`
`String`	`getDefaultPermissions()`
`String`	`getDefaultRoles()`
`String`	`getPermissionAttributeNames()`
`String`	`getRememberMeAttributeName()`
`String`	`getRoleAttributeNames()`
`String`	`getValidationProtocol()`
`protected void`	`onInit()` Initializes this realm and potentially enables a cache, depending on configuration.
`void`	`setCasServerUrlPrefix(String casServerUrlPrefix)`
`void`	`setCasService(String casService)`
`void`	`setDefaultPermissions(String defaultPermissions)`
`void`	`setDefaultRoles(String defaultRoles)`
`void`	`setPermissionAttributeNames(String permissionAttributeNames)`
`void`	`setRememberMeAttributeName(String rememberMeAttributeName)`
`void`	`setRoleAttributeNames(String roleAttributeNames)`
`void`	`setValidationProtocol(String validationProtocol)`

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthorizingRealm

afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm
`assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports`

Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm

assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports

Methods inherited from class org.apache.shiro.realm.CachingRealm
`clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Methods inherited from interface org.apache.shiro.util.Initializable
`init`

Field Detail

DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME

public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME

See Also:: Constant Field Values

DEFAULT_VALIDATION_PROTOCOL

public static final String DEFAULT_VALIDATION_PROTOCOL

See Also:: Constant Field Values

Constructor Detail

CasRealm

public CasRealm()

Method Detail

onInit

protected void onInit()

Description copied from class: AuthorizingRealm

Initializes this realm and potentially enables a cache, depending on configuration.

When this method is called, the following logic is executed:

If the cache property has been set, it will be used to cache the AuthorizationInfo objects returned from AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) method invocations. All future calls to getAuthorizationInfo will attempt to use this cache first to alleviate any potentially unnecessary calls to an underlying data store.
If the cache property has not been set, the cacheManager property will be checked. If a cacheManager has been set, it will be used to create an authorization cache, and this newly created cache which will be used as specified in #1.
If neither the (org.apache.shiro.cache.Cache) cache or cacheManager properties are set, caching will be disabled and authorization look-ups will be delegated to subclass implementations for each authorization check.

Overrides:: onInit in class AuthorizingRealm

ensureTicketValidator

protected org.jasig.cas.client.validation.TicketValidator ensureTicketValidator()

createTicketValidator

protected org.jasig.cas.client.validation.TicketValidator createTicketValidator()

doGetAuthenticationInfo

protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
                                              throws AuthenticationException

Authenticates a user and retrieves its information.

Specified by:: doGetAuthenticationInfo in class AuthenticatingRealm

Parameters:: token - the authentication token
Returns:: an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
Throws:: AuthenticationException - if there is an error during authentication.

doGetAuthorizationInfo

protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)

Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user : id + attributes).

Specified by:: doGetAuthorizationInfo in class AuthorizingRealm

Parameters:: principals - the primary identifying principals of the AuthorizationInfo that should be retrieved.
Returns:: the AuthorizationInfo associated with this principals.
See Also:: SimpleAuthorizationInfo

getCasServerUrlPrefix

public String getCasServerUrlPrefix()

setCasServerUrlPrefix

public void setCasServerUrlPrefix(String casServerUrlPrefix)

getCasService

public String getCasService()

setCasService

public void setCasService(String casService)

getValidationProtocol

public String getValidationProtocol()

setValidationProtocol

public void setValidationProtocol(String validationProtocol)

getRememberMeAttributeName

public String getRememberMeAttributeName()

setRememberMeAttributeName

public void setRememberMeAttributeName(String rememberMeAttributeName)

getDefaultRoles

public String getDefaultRoles()

setDefaultRoles

public void setDefaultRoles(String defaultRoles)

getDefaultPermissions

public String getDefaultPermissions()

setDefaultPermissions

public void setDefaultPermissions(String defaultPermissions)

getRoleAttributeNames

public String getRoleAttributeNames()

setRoleAttributeNames

public void setRoleAttributeNames(String roleAttributeNames)

getPermissionAttributeNames

public String getPermissionAttributeNames()

setPermissionAttributeNames

public void setPermissionAttributeNames(String permissionAttributeNames)