Package org.ametys.plugins.core.impl.authentication

Class CASCredentialProvider

java.lang.Object

org.ametys.runtime.plugin.component.AbstractLogEnabled

org.ametys.core.authentication.AbstractCredentialProvider

org.ametys.plugins.core.impl.authentication.CASCredentialProvider

All Implemented Interfaces:

BlockingCredentialProvider, CredentialProvider, NonBlockingCredentialProvider, LogEnabled, Component, Contextualizable

public class CASCredentialProvider
extends AbstractCredentialProvider
implements NonBlockingCredentialProvider, BlockingCredentialProvider, Contextualizable

This manager gets the credentials given by an authentication CAS filter.
The filter must set the 'remote user' header into the request.

This manager can not get the password of the connected user: the user is already authenticated. This manager should not be associated with a UsersManagerAuthentication

Field Summary

Fields

Modifier and Type	Field	Description
private static String	__PARAM_ACCEPT_ANY_PROXY	Parameter name for "accept any proxy"
private static String	__PARAM_AUTHORIZED_PROXY_CHAINS	Parameter name for authorized proxy chains
private static String	__PARAM_GATEWAY_ENABLED	Parameter name for the gateway mode
private static String	__PARAM_REQUEST_PROXY_TICKETS	Parameter name for "request proxy tickets"
private boolean	_acceptAnyProxy	Should the application accept any proxy
private String	_authorizedProxyChains	Authorized proxy chains, which is a newline-delimited list of acceptable proxy chains.
private Context	_context
private boolean	_gatewayModeEnabled	Should the cas gateway mode be used
private boolean	_requestProxyTickets	Should the application request proxy tickets
protected String	_serverUrl	Cas server URL with context (https://cas-server ou https://cas-server/cas)
static String	PARAM_SERVER_URL	Parameter name for server url

Constructor Summary

Constructors

Constructor	Description
CASCredentialProvider()

Method Summary

Modifier and Type	Method	Description
protected String	_getLogin(Request request)	Get the connected user login from the request or session.
private String	_getLoginFromFilter(boolean gateway, Redirector redirector)
private String	_getProxyCallbackRelativeUrl(Request request)
private Integer	_getRunningCpIndex(Request request)
UserIdentity	blockingGetUserIdentity(Redirector redirector)	Method called by AuthenticateAction each time a request need authentication.
boolean	blockingGrantAnonymousRequest()	Method called by AuthenticateAction before asking for credentials.
boolean	blockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)	Validates that the user specify is still connected
void	blockingUserAllowed(UserIdentity userIdentity)	Method called by AuthenticateAction after authentication process succeeded
void	blockingUserNotAllowed(Redirector redirector)	Method called by AuthenticateAction each a user could not get authenticated.
void	contextualize(Context context)
void	init(String id, String cpModelId, Map<String,Object> paramValues, String label)	Initialize the credential provider with given parameters' values.
UserIdentity	nonBlockingGetUserIdentity(Redirector redirector)	Method called by AuthenticateAction each time a request need authentication.
boolean	nonBlockingGrantAnonymousRequest()	Method called by AuthenticateAction before asking for credentials.
boolean	nonBlockingIsStillConnected(UserIdentity userIdentity, Redirector redirector)	Validates that the user specify is still connected
void	nonBlockingUserAllowed(UserIdentity userIdentity)	Method called by AuthenticateAction after authentication process succeeded
void	nonBlockingUserNotAllowed(Redirector redirector)	Method called by AuthenticateAction each a user could not get authenticated.
boolean	requiresNewWindow()	Does this blocking credential provider requires a new window to process.

Methods inherited from class org.ametys.core.authentication.AbstractCredentialProvider

equals, getCredentialProviderModelId, getId, getLabel, getParameterValues, hashCode

Methods inherited from class org.ametys.runtime.plugin.component.AbstractLogEnabled

getLogger, setLogger

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.ametys.core.authentication.CredentialProvider

getCredentialProviderModelId, getId, getLabel, getParameterValues, getUserIdentity, grantAnonymousRequest, isStillConnected, userAllowed, userNotAllowed

Field Detail

PARAM_SERVER_URL

public static final String PARAM_SERVER_URL

Parameter name for server url

See Also:

Constant Field Values

__PARAM_REQUEST_PROXY_TICKETS

private static final String __PARAM_REQUEST_PROXY_TICKETS

Parameter name for "request proxy tickets"

See Also:

Constant Field Values

__PARAM_ACCEPT_ANY_PROXY

private static final String __PARAM_ACCEPT_ANY_PROXY

Parameter name for "accept any proxy"

See Also:

Constant Field Values

__PARAM_AUTHORIZED_PROXY_CHAINS

private static final String __PARAM_AUTHORIZED_PROXY_CHAINS

Parameter name for authorized proxy chains

See Also:

Constant Field Values

__PARAM_GATEWAY_ENABLED

private static final String __PARAM_GATEWAY_ENABLED

Parameter name for the gateway mode

See Also:

Constant Field Values

_serverUrl

protected String _serverUrl

Cas server URL with context (https://cas-server ou https://cas-server/cas)

_context

private Context _context

_requestProxyTickets

private boolean _requestProxyTickets

Should the application request proxy tickets

_acceptAnyProxy

private boolean _acceptAnyProxy

Should the application accept any proxy

_authorizedProxyChains

private String _authorizedProxyChains

Authorized proxy chains, which is a newline-delimited list of acceptable proxy chains. A proxy chain includes a whitespace-delimited list of valid proxy URLs. Only one proxy chain needs to match for the login to be successful.

_gatewayModeEnabled

private boolean _gatewayModeEnabled

Should the cas gateway mode be used

Constructor Detail

CASCredentialProvider

public CASCredentialProvider()

Method Detail

contextualize

public void contextualize(Context context)
                   throws ContextException

Specified by:

contextualize in interface Contextualizable

Throws:

ContextException

init

public void init(String id,
                 String cpModelId,
                 Map<String,Object> paramValues,
                 String label)

Description copied from interface: CredentialProvider

Initialize the credential provider with given parameters' values.

Specified by:

init in interface CredentialProvider

Overrides:

init in class AbstractCredentialProvider

Parameters:

id - The unique identifier

cpModelId - The id of credential provider extension point

paramValues - The parameters' values

label - The specific label of this instance. Can be null

blockingIsStillConnected

public boolean blockingIsStillConnected(UserIdentity userIdentity,
                                        Redirector redirector)
                                 throws Exception

Description copied from interface: BlockingCredentialProvider

Validates that the user specify is still connected

Specified by:

blockingIsStillConnected in interface BlockingCredentialProvider

Parameters:

userIdentity - the user previously correctly identified with this credential provider

redirector - The cocoon redirector

Returns:

true if this CredentialProvider was in a valid state, false to restart authentication process

Throws:

Exception - If an error occurred

nonBlockingIsStillConnected

public boolean nonBlockingIsStillConnected(UserIdentity userIdentity,
                                           Redirector redirector)
                                    throws Exception

Description copied from interface: NonBlockingCredentialProvider

Validates that the user specify is still connected

Specified by:

nonBlockingIsStillConnected in interface NonBlockingCredentialProvider

Parameters:

userIdentity - the user previously correctly identified with this credential provider

redirector - The cocoon redirector

Returns:

true if this CredentialProvider was in a valid state, false to restart authentication process

Throws:

Exception - If an error occurred

_getLoginFromFilter

private String _getLoginFromFilter(boolean gateway,
                                   Redirector redirector)
                            throws Exception

Throws:

Exception

_getProxyCallbackRelativeUrl

private String _getProxyCallbackRelativeUrl(Request request)

_getRunningCpIndex

private Integer _getRunningCpIndex(Request request)

blockingGrantAnonymousRequest

public boolean blockingGrantAnonymousRequest()

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be required. Use it with care, as it may lead to obvious security issues.

Specified by:

blockingGrantAnonymousRequest in interface BlockingCredentialProvider

Returns:

true if the Request is not authenticated

nonBlockingGrantAnonymousRequest

public boolean nonBlockingGrantAnonymousRequest()

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction before asking for credentials. This method is used to bypass authentication. If this method returns true, no authentication will be require. Use it with care, as it may lead to obvious security issues.

Specified by:

nonBlockingGrantAnonymousRequest in interface NonBlockingCredentialProvider

Returns:

true if the Request is not authenticated

blockingGetUserIdentity

public UserIdentity blockingGetUserIdentity(Redirector redirector)
                                     throws Exception

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction each time a request need authentication.

Specified by:

blockingGetUserIdentity in interface BlockingCredentialProvider

Parameters:

redirector - the cocoon redirector.

Returns:

the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.

Throws:

Exception - if something wrong occurs

nonBlockingGetUserIdentity

public UserIdentity nonBlockingGetUserIdentity(Redirector redirector)
                                        throws Exception

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction each time a request need authentication.

Specified by:

nonBlockingGetUserIdentity in interface NonBlockingCredentialProvider

Parameters:

redirector - the cocoon redirector.

Returns:

the UserIdentity corresponding to the user (with or without population specified), or null if user could not get authenticated.

Throws:

Exception - if something wrong occurs

blockingUserNotAllowed

public void blockingUserNotAllowed(Redirector redirector)
                            throws Exception

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.

Specified by:

blockingUserNotAllowed in interface BlockingCredentialProvider

Parameters:

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs

nonBlockingUserNotAllowed

public void nonBlockingUserNotAllowed(Redirector redirector)
                               throws Exception

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction each a user could not get authenticated. This method implementation is responsible of redirecting response to appropriate url.

Specified by:

nonBlockingUserNotAllowed in interface NonBlockingCredentialProvider

Parameters:

redirector - the cocoon Redirector that can be used for redirecting response.

Throws:

Exception - if something wrong occurs

blockingUserAllowed

public void blockingUserAllowed(UserIdentity userIdentity)

Description copied from interface: BlockingCredentialProvider

Method called by AuthenticateAction after authentication process succeeded

Specified by:

blockingUserAllowed in interface BlockingCredentialProvider

Parameters:

userIdentity - The user correctly connected

nonBlockingUserAllowed

public void nonBlockingUserAllowed(UserIdentity userIdentity)

Description copied from interface: NonBlockingCredentialProvider

Method called by AuthenticateAction after authentication process succeeded

Specified by:

nonBlockingUserAllowed in interface NonBlockingCredentialProvider

Parameters:

userIdentity - The user correctly connected

requiresNewWindow

public boolean requiresNewWindow()

Description copied from interface: BlockingCredentialProvider

Does this blocking credential provider requires a new window to process.

Specified by:

requiresNewWindow in interface BlockingCredentialProvider

Returns:

true to ask the client to process this credential provider throught a new window

_getLogin

protected String _getLogin(Request request)

Get the connected user login from the request or session.

Parameters:

request - the request object.

Returns:

the connected user login or null.