Class CASCredentialProvider
- java.lang.Object
  - org.ametys.runtime.plugin.component.AbstractLogEnabled
    - org.ametys.core.authentication.AbstractCredentialProvider
      - org.ametys.plugins.core.impl.authentication.CASCredentialProvider
- All Implemented Interfaces:
BlockingCredentialProvider, CredentialProvider, NonBlockingCredentialProvider, LogEnabled, Component, Contextualizable
public class CASCredentialProvider extends AbstractCredentialProvider implements NonBlockingCredentialProvider, BlockingCredentialProvider, Contextualizable
This manager gets the credentials given by an authentication CAS filter.
The filter must set the 'remote user' header into the request.
This manager cannot get the password of the connected user: the user is already authenticated. This manager should not be associated with a UsersManagerAuthentication.
-
-
Field Summary
Fields (Modifier and Type, Field, Description):
private static String __PARAM_ACCEPT_ANY_PROXY - Parameter name for "accept any proxy"
private static String __PARAM_AUTHORIZED_PROXY_CHAINS - Parameter name for authorized proxy chains
private static String __PARAM_GATEWAY_ENABLED - Parameter name for the gateway mode
private static String __PARAM_REQUEST_PROXY_TICKETS - Parameter name for "request proxy tickets"
private boolean _acceptAnyProxy - Should the application accept any proxy
private String _authorizedProxyChains - Authorized proxy chains, which is a newline-delimited list of acceptable proxy chains.
private Context _context
private boolean _gatewayModeEnabled - Should the CAS gateway mode be used
private boolean _requestProxyTickets - Should the application request proxy tickets
protected String _serverUrl - CAS server URL with context (https://cas-server or https://cas-server/cas)
static String PARAM_SERVER_URL - Parameter name for server url
-
Constructor Summary
Constructors (Constructor, Description):
CASCredentialProvider()
-
Method Summary
All Methods, Instance Methods, Concrete Methods (Modifier and Type, Method, Description):
protected String _getLogin(Request request) - Get the connected user login from the request or session.
private String _getLoginFromFilter(boolean gateway, Redirector redirector)
private String _getProxyCallbackRelativeUrl(Request request)
private Integer _getRunningCpIndex(Request request)
UserIdentity blockingGetUserIdentity(Redirector redirector) - Method called by AuthenticateAction each time a request needs authentication.
boolean blockingGrantAnonymousRequest() - Method called by AuthenticateAction before asking for credentials.
boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) - Validates that the specified user is still connected.
void blockingUserAllowed(UserIdentity userIdentity) - Method called by AuthenticateAction after the authentication process succeeded.
void blockingUserNotAllowed(Redirector redirector) - Method called by AuthenticateAction each time a user could not get authenticated.
void contextualize(Context context)
void init(String id, String cpModelId, Map<String,Object> paramValues, String label) - Initialize the credential provider with given parameters' values.
UserIdentity nonBlockingGetUserIdentity(Redirector redirector) - Method called by AuthenticateAction each time a request needs authentication.
boolean nonBlockingGrantAnonymousRequest() - Method called by AuthenticateAction before asking for credentials.
boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) - Validates that the specified user is still connected.
void nonBlockingUserAllowed(UserIdentity userIdentity) - Method called by AuthenticateAction after the authentication process succeeded.
void nonBlockingUserNotAllowed(Redirector redirector) - Method called by AuthenticateAction each time a user could not get authenticated.
boolean requiresNewWindow() - Does this blocking credential provider require a new window to process?
-
Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider
equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode
-
Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled
getLogger, setLogger
-
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.ametys.core.authentication.CredentialProvider
getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed
-
-
-
-
Field Detail
-
PARAM_SERVER_URL
public static final String PARAM_SERVER_URL
Parameter name for server url
- See Also:
Constant Field Values
-
__PARAM_REQUEST_PROXY_TICKETS
private static final String __PARAM_REQUEST_PROXY_TICKETS
Parameter name for "request proxy tickets"
- See Also:
Constant Field Values
-
__PARAM_ACCEPT_ANY_PROXY
private static final String __PARAM_ACCEPT_ANY_PROXY
Parameter name for "accept any proxy"
- See Also:
Constant Field Values
-
__PARAM_AUTHORIZED_PROXY_CHAINS
private static final String __PARAM_AUTHORIZED_PROXY_CHAINS
Parameter name for authorized proxy chains
- See Also:
Constant Field Values
-
__PARAM_GATEWAY_ENABLED
private static final String __PARAM_GATEWAY_ENABLED
Parameter name for the gateway mode
- See Also:
Constant Field Values
-
_serverUrl
protected String _serverUrl
CAS server URL with context (https://cas-server or https://cas-server/cas)
-
_requestProxyTickets
private boolean _requestProxyTickets
Should the application request proxy tickets
-
_acceptAnyProxy
private boolean _acceptAnyProxy
Should the application accept any proxy
-
_authorizedProxyChains
private String _authorizedProxyChains
Authorized proxy chains, which is a newline-delimited list of acceptable proxy chains. A proxy chain includes a whitespace-delimited list of valid proxy URLs. Only one proxy chain needs to match for the login to be successful.
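The following is an added example, not Ametys code and not code from any CAS client library, showing how an allowlist in the format described for _authorizedProxyChains can be parsed and matched. The class name, method names and sample URLs are hypothetical, and comparing each chain URL by URL, in order and by exact string equality, is an assumption of this sketch.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

/** Hypothetical helper, not part of Ametys or of any CAS client library. */
public class ProxyChainAllowlist
{
    private final List<List<String>> _chains = new ArrayList<>();

    /** Parses a newline-delimited list of chains; each chain is a whitespace-delimited list of proxy URLs. */
    public ProxyChainAllowlist(String authorizedProxyChains)
    {
        for (String line : authorizedProxyChains.split("\\R"))
        {
            String trimmed = line.trim();
            if (!trimmed.isEmpty())
            {
                _chains.add(Arrays.asList(trimmed.split("\\s+")));
            }
        }
    }

    /** Returns true when the chain reported for a ticket equals one configured chain (assumed rule: same URLs, same order). */
    public boolean accepts(List<String> ticketProxyChain)
    {
        // An empty chain means the ticket was not proxied; this sketch only decides proxied tickets.
        return !ticketProxyChain.isEmpty() && _chains.contains(ticketProxyChain);
    }

    public static void main(String[] args)
    {
        // Constructed sample configuration: two acceptable chains, one per line.
        String config = "https://portal.example.org/proxyCallback\n"
                      + "https://gw.example.org/pgt https://portal.example.org/proxyCallback\n";
        ProxyChainAllowlist allowlist = new ProxyChainAllowlist(config);

        // Case 1: a chain that is listed on its own line.
        System.out.println(allowlist.accepts(List.of("https://portal.example.org/proxyCallback")));
        // Case 2: the URLs of the second line, but in the reverse order.
        System.out.println(allowlist.accepts(List.of("https://portal.example.org/proxyCallback",
                                                     "https://gw.example.org/pgt")));
        // Case 3: a proxy that appears in no configured chain.
        System.out.println(allowlist.accepts(List.of("https://unknown.example.org/cb")));
    }
}
```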
-
_gatewayModeEnabled
private boolean _gatewayModeEnabled
Should the CAS gateway mode be used
-
-
Constructor Detail
-
CASCredentialProvider
public CASCredentialProvider()
-
-
Method Detail
-
contextualize
public void contextualize(Context context) throws ContextException
- Specified by:
contextualize in interface Contextualizable
- Throws:
ContextException
-
init
public void init(String id, String cpModelId, Map<String,Object> paramValues, String label)
Description copied from interface: CredentialProvider
Initialize the credential provider with given parameters' values.
- Specified by:
init in interface CredentialProvider
- Overrides:
init in class AbstractCredentialProvider
- Parameters:
id - The unique identifier
cpModelId - The id of credential provider extension point
paramValues - The parameters' values
label - The specific label of this instance. Can be null
-
blockingIsStillConnected
public boolean blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception
Description copied from interface: BlockingCredentialProvider
Validates that the specified user is still connected.
- Specified by:
blockingIsStillConnected in interface BlockingCredentialProvider
- Parameters:
userIdentity - the user previously correctly identified with this credential provider
redirector - The cocoon redirector
- Returns:
true if this CredentialProvider was in a valid state, false to restart authentication process
- Throws:
Exception - If an error occurred
-
nonBlockingIsStillConnected
public boolean nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Validates that the specified user is still connected.
- Specified by:
nonBlockingIsStillConnected in interface NonBlockingCredentialProvider
- Parameters:
userIdentity - the user previously correctly identified with this credential provider
redirector - The cocoon redirector
- Returns:
true if this CredentialProvider was in a valid state, false to restart authentication process
- Throws:
Exception - If an error occurred
-
_getLoginFromFilter
private String _getLoginFromFilter(boolean gateway, Redirector redirector) throws Exception
- Throws:
Exception
-
_getProxyCallbackRelativeUrl
private String _getProxyCallbackRelativeUrl(Request request)
-
_getRunningCpIndex
private Integer _getRunningCpIndex(Request request)
-
blockingGrantAnonymousRequest
public boolean blockingGrantAnonymousRequest()
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by:
blockingGrantAnonymousRequest in interface BlockingCredentialProvider
- Returns:
true if the Request is not authenticated
-
nonBlockingGrantAnonymousRequest
public boolean nonBlockingGrantAnonymousRequest()
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.
- Specified by:
nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider
- Returns:
true if the Request is not authenticated
-
blockingGetUserIdentity
public UserIdentity blockingGetUserIdentity(Redirector redirector) throws Exception
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by:
blockingGetUserIdentity in interface BlockingCredentialProvider
- Parameters:
redirector - the cocoon redirector.
- Returns:
the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
- Throws:
Exception - if something goes wrong
-
nonBlockingGetUserIdentity
public UserIdentity nonBlockingGetUserIdentity(Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a request needs authentication.
- Specified by:
nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider
- Parameters:
redirector - the cocoon redirector.
- Returns:
the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.
- Throws:
Exception - if something goes wrong
-
blockingUserNotAllowed
public void blockingUserNotAllowed(Redirector redirector) throws Exception
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate URL.
- Specified by:
blockingUserNotAllowed in interface BlockingCredentialProvider
- Parameters:
redirector - the cocoon Redirector that can be used for redirecting response.
- Throws:
Exception - if something goes wrong
-
nonBlockingUserNotAllowed
public void nonBlockingUserNotAllowed(Redirector redirector) throws Exception
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction each time a user could not get authenticated. This method implementation is responsible for redirecting the response to the appropriate URL.
- Specified by:
nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider
- Parameters:
redirector - the cocoon Redirector that can be used for redirecting response.
- Throws:
Exception - if something goes wrong
-
blockingUserAllowed
public void blockingUserAllowed(UserIdentity userIdentity)
Description copied from interface: BlockingCredentialProvider
Method called by AuthenticateAction after the authentication process succeeded.
- Specified by:
blockingUserAllowed in interface BlockingCredentialProvider
- Parameters:
userIdentity - The user correctly connected
-
nonBlockingUserAllowed
public void nonBlockingUserAllowed(UserIdentity userIdentity)
Description copied from interface: NonBlockingCredentialProvider
Method called by AuthenticateAction after the authentication process succeeded.
- Specified by:
nonBlockingUserAllowed in interface NonBlockingCredentialProvider
- Parameters:
userIdentity - The user correctly connected
-
requiresNewWindow
public boolean requiresNewWindow()
Description copied from interface: BlockingCredentialProvider
Does this blocking credential provider require a new window to process?
- Specified by:
requiresNewWindow in interface BlockingCredentialProvider
- Returns:
true to ask the client to process this credential provider through a new window
-
-