  /**
   * Validates the CAS service ticket carried by {@code token} against the CAS server and
   * builds the authentication info for the authenticated user.
   *
   * <p>A {@code null} token or a token without a ticket yields {@code null}. Otherwise the
   * ticket is validated; the principal name and attributes of the resulting assertion become
   * the principals of the returned info, the CAS token is updated with the user id, and
   * remember-me is switched on when the configured remember-me attribute parses to
   * {@code true}.
   *
   * @param token the authentication token; expected to be a {@link CasToken}
   * @return the authentication info, or {@code null} when there is nothing to validate
   * @throws AuthenticationException if the ticket cannot be validated by the CAS server
   */
  @Override
  @SuppressWarnings("unchecked")
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    if (token == null) {
      return null;
    }
    CasToken casToken = (CasToken) token;

    String ticket = (String) casToken.getCredentials();
    if (!StringUtils.hasText(ticket)) {
      return null;
    }

    TicketValidator validator = ensureTicketValidator();

    try {
      // The ticket is only trusted once the CAS server has validated it for our service URL.
      Assertion assertion = validator.validate(ticket, getCasService());
      AttributePrincipal principal = assertion.getPrincipal();
      String userId = principal.getName();
      // NOTE: the service ticket value ends up in the debug log (and in the exception message
      // below); keep that in mind when debug logging is enabled.
      log.debug(
          "Validate ticket : {} in CAS server : {} to retrieve user : {}",
          new Object[] {ticket, getCasServerUrlPrefix(), userId});

      Map<String, Object> attributes = principal.getAttributes();
      casToken.setUserId(userId);

      // Remember-me is driven by an attribute of the validated assertion, not by anything the
      // client sent directly.
      String rememberMeValue = (String) attributes.get(getRememberMeAttributeName());
      if (rememberMeValue != null && Boolean.parseBoolean(rememberMeValue)) {
        casToken.setRememberMe(true);
      }

      // Principals: the user id first, then the attribute map; credentials: the ticket.
      PrincipalCollection principalCollection =
          new SimplePrincipalCollection(CollectionUtils.asList(userId, attributes), getName());
      return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
      throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
  }
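  /**
   * Applies CAS single sign-on handling to a request: consumes a forced-logout flag from the
   * session, redirects logout requests to the CAS logout URL, sends users without a CAS login
   * to the CAS login URL, and validates a returned service ticket before storing the CAS login
   * in the session. Whenever no redirect is sent, the request is passed on to the filter chain.
   *
   * @param request the current request
   * @param response the current response
   * @param filterChain the remaining filter chain
   * @throws Exception if reading the configuration, validating the ticket or redirecting fails
   */
  @Override
  protected void processFilter(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws Exception {

    HttpSession session = request.getSession();

    long companyId = PortalUtil.getCompanyId(request);

    // A forced logout flagged in the session takes precedence over everything else; the flag is
    // consumed here so the next request is handled normally.
    if (session.getAttribute(WebKeys.CAS_FORCE_LOGOUT) != null) {
      session.removeAttribute(WebKeys.CAS_FORCE_LOGOUT);

      sendLogoutRedirect(companyId, response);

      return;
    }

    // getPathInfo() returns null when the request carries no extra path information; guard so
    // such requests fall through to the login/ticket handling instead of failing with an NPE.
    String pathInfo = request.getPathInfo();

    if (pathInfo != null && pathInfo.contains("/portal/logout")) {
      session.invalidate();

      sendLogoutRedirect(companyId, response);

      return;
    }

    String login = (String) session.getAttribute(WebKeys.CAS_LOGIN);

    String serverName =
        PrefsPropsUtil.getString(companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);

    String serviceUrl =
        PrefsPropsUtil.getString(companyId, PropsKeys.CAS_SERVICE_URL, PropsValues.CAS_SERVICE_URL);

    // No explicit service URL configured: derive it from the configured server name and the
    // current request. The same value is sent to CAS as "service" and later used to validate the
    // ticket, so both paths must see the same URL.
    if (Validator.isNull(serviceUrl)) {
      serviceUrl =
          CommonUtils.constructServiceUrl(
              request, response, serviceUrl, serverName, "ticket", false);
    }

    String ticket = ParamUtil.getString(request, "ticket");

    if (Validator.isNull(ticket)) {
      if (Validator.isNotNull(login)) {
        // The session already holds a CAS login; nothing left to do but continue the chain.
        processFilter(CASFilter.class, request, response, filterChain);
      } else {
        String loginUrl =
            PrefsPropsUtil.getString(companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        loginUrl = HttpUtil.addParameter(loginUrl, "service", serviceUrl);

        response.sendRedirect(loginUrl);
      }

      return;
    }

    // A ticket is only trusted after the CAS server has validated it for this service URL; a
    // validation failure surfaces as an exception from validate() and propagates to the caller.
    TicketValidator ticketValidator = getTicketValidator(companyId);

    Assertion assertion = ticketValidator.validate(ticket, serviceUrl);

    if (assertion != null) {
      session.setAttribute(WebKeys.CAS_LOGIN, assertion.getPrincipal().getName());
    }

    // Without an assertion the CAS login is left untouched and the chain continues regardless.
    processFilter(CASFilter.class, request, response, filterChain);
  }

  /**
   * Redirects the client to the company's configured CAS logout URL.
   *
   * @param companyId the company whose CAS logout URL is used
   * @param response the response to redirect
   * @throws Exception if the configuration cannot be read or the redirect fails
   */
  private void sendLogoutRedirect(long companyId, HttpServletResponse response)
      throws Exception {
    String logoutUrl =
        PrefsPropsUtil.getString(companyId, PropsKeys.CAS_LOGOUT_URL, PropsValues.CAS_LOGOUT_URL);

    response.sendRedirect(logoutUrl);
  }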