org.apache.shiro.cas
Class CasRealm
java.lang.Object
org.apache.shiro.realm.CachingRealm
org.apache.shiro.realm.AuthenticatingRealm
org.apache.shiro.realm.AuthorizingRealm
org.apache.shiro.cas.CasRealm
- All Implemented Interfaces:
- LogoutAware, Authorizer, PermissionResolverAware, RolePermissionResolverAware, CacheManagerAware, Realm, Initializable, Nameable
public class CasRealm
- extends AuthorizingRealm
This realm implementation acts as a CAS client to a CAS server for authentication and basic authorization.
This realm functions by inspecting a submitted CasToken
(which essentially
wraps a CAS service ticket) and validates it against the CAS server using a configured CAS
TicketValidator
.
The validationProtocol
is CAS
by default, which indicates that a
a Cas20ServiceTicketValidator
will be used for ticket validation. You can alternatively set
or Saml11TicketValidator
of CAS client. It is based on
AuthorizingRealm
for both authentication and authorization. User id and attributes are retrieved from the CAS
service ticket validation response during authentication phase. Roles and permissions are computed during authorization phase (according
to the attributes previously retrieved).
- Since:
- 1.2
Methods inherited from class org.apache.shiro.realm.AuthorizingRealm |
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolver |
Methods inherited from class org.apache.shiro.realm.AuthenticatingRealm |
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supports |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME
- See Also:
- Constant Field Values
DEFAULT_VALIDATION_PROTOCOL
public static final String DEFAULT_VALIDATION_PROTOCOL
- See Also:
- Constant Field Values
CasRealm
public CasRealm()
onInit
protected void onInit()
- Description copied from class:
AuthorizingRealm
- Initializes this realm and potentially enables a cache, depending on configuration.
When this method is called, the following logic is executed:
- If the
cache
property has been set, it will be
used to cache the AuthorizationInfo objects returned from AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
method invocations.
All future calls to getAuthorizationInfo
will attempt to use this cache first
to alleviate any potentially unnecessary calls to an underlying data store.
- If the
cache
property has not been set,
the cacheManager
property will be checked.
If a cacheManager
has been set, it will be used to create an authorization
cache
, and this newly created cache which will be used as specified in #1.
- If neither the
(org.apache.shiro.cache.Cache) cache
or cacheManager
properties are set, caching will be disabled and authorization look-ups will be delegated to
subclass implementations for each authorization check.
- Overrides:
onInit
in class AuthorizingRealm
ensureTicketValidator
protected org.jasig.cas.client.validation.TicketValidator ensureTicketValidator()
createTicketValidator
protected org.jasig.cas.client.validation.TicketValidator createTicketValidator()
doGetAuthenticationInfo
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
throws AuthenticationException
- Authenticates a user and retrieves its information.
- Specified by:
doGetAuthenticationInfo
in class AuthenticatingRealm
- Parameters:
token
- the authentication token
- Returns:
- an
AuthenticationInfo
object containing account data resulting from the
authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
- Throws:
AuthenticationException
- if there is an error during authentication.
doGetAuthorizationInfo
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
- Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user : id + attributes).
- Specified by:
doGetAuthorizationInfo
in class AuthorizingRealm
- Parameters:
principals
- the primary identifying principals of the AuthorizationInfo that should be retrieved.
- Returns:
- the AuthorizationInfo associated with this principals.
- See Also:
SimpleAuthorizationInfo
getCasServerUrlPrefix
public String getCasServerUrlPrefix()
setCasServerUrlPrefix
public void setCasServerUrlPrefix(String casServerUrlPrefix)
getCasService
public String getCasService()
setCasService
public void setCasService(String casService)
getValidationProtocol
public String getValidationProtocol()
setValidationProtocol
public void setValidationProtocol(String validationProtocol)
getRememberMeAttributeName
public String getRememberMeAttributeName()
setRememberMeAttributeName
public void setRememberMeAttributeName(String rememberMeAttributeName)
getDefaultRoles
public String getDefaultRoles()
setDefaultRoles
public void setDefaultRoles(String defaultRoles)
getDefaultPermissions
public String getDefaultPermissions()
setDefaultPermissions
public void setDefaultPermissions(String defaultPermissions)
getRoleAttributeNames
public String getRoleAttributeNames()
setRoleAttributeNames
public void setRoleAttributeNames(String roleAttributeNames)
getPermissionAttributeNames
public String getPermissionAttributeNames()
setPermissionAttributeNames
public void setPermissionAttributeNames(String permissionAttributeNames)
Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.