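/**
 * Authenticates a user against the CAS server and retrieves its information.
 *
 * <p>The token's credential is a CAS service ticket. It is sent to the CAS
 * server for validation; on success the CAS principal name becomes the user id
 * and the CAS attribute map becomes the second principal. The remember-me flag
 * is read from the attribute named by {@code getRememberMeAttributeName()}.
 *
 * @param token the authentication token (expected to be a {@link CasToken})
 * @return the authentication info, or {@code null} when the token or its
 *         ticket is missing, so the caller treats it as "not authenticated"
 * @throws AuthenticationException if the CAS server rejects the ticket
 */
@Override
@SuppressWarnings("unchecked")
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
        throws AuthenticationException {
    // Check for null before casting so the guard is not read as dead code.
    if (token == null) {
        return null;
    }
    CasToken casToken = (CasToken) token;
    String ticket = (String) casToken.getCredentials();
    if (!StringUtils.hasText(ticket)) {
        return null;
    }

    TicketValidator ticketValidator = ensureTicketValidator();
    try {
        // contact CAS server to validate service ticket
        Assertion casAssertion = ticketValidator.validate(ticket, getCasService());

        // get principal, user id and attributes
        AttributePrincipal casPrincipal = casAssertion.getPrincipal();
        String userId = casPrincipal.getName();
        // NOTE(review): the service ticket is a credential; this debug line and
        // the exception message below write it to the log.
        log.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}",
                new Object[] {ticket, getCasServerUrlPrefix(), userId});
        Map<String, Object> attributes = casPrincipal.getAttributes();

        // refresh authentication token (user id + remember me)
        casToken.setUserId(userId);
        String rememberMeAttributeName = getRememberMeAttributeName();
        // Assumes the attribute is single-valued (a String); a non-String value
        // would fail this cast — TODO confirm against the CAS attribute config.
        String rememberMeStringValue = (String) attributes.get(rememberMeAttributeName);
        // Boolean.parseBoolean(null) is false, so no separate null check is needed.
        if (Boolean.parseBoolean(rememberMeStringValue)) {
            casToken.setRememberMe(true);
        }

        // create simple authentication info: user id first, raw CAS attributes second
        List<Object> principals = CollectionUtils.asList(userId, attributes);
        PrincipalCollection principalCollection =
                new SimplePrincipalCollection(principals, getName());
        return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
        // Preserve the cause so the validator's reason is not lost.
        throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
}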
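/**
 * CAS single sign-on filter step.
 *
 * <p>Order of checks: (1) a pending forced logout flag in the session redirects
 * to the CAS logout URL; (2) a {@code /portal/logout} request invalidates the
 * session and redirects to the CAS logout URL; (3) otherwise a request carrying
 * a {@code ticket} parameter has the ticket validated against the CAS server
 * and the returned principal name stored in the session under
 * {@code WebKeys.CAS_LOGIN} before the chain continues. A request without a
 * ticket continues down the chain when the session already holds a CAS login
 * and is redirected to the CAS login URL otherwise.
 *
 * @param request the current request
 * @param response the current response
 * @param filterChain the remaining filter chain
 * @throws Exception if ticket validation or the redirect fails
 */
@Override
protected void processFilter(
        HttpServletRequest request, HttpServletResponse response,
        FilterChain filterChain)
    throws Exception {

    HttpSession session = request.getSession();

    long companyId = PortalUtil.getCompanyId(request);

    String pathInfo = request.getPathInfo();

    Object forceLogout = session.getAttribute(WebKeys.CAS_FORCE_LOGOUT);

    if (forceLogout != null) {
        session.removeAttribute(WebKeys.CAS_FORCE_LOGOUT);

        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGOUT_URL, PropsValues.CAS_LOGOUT_URL);

        response.sendRedirect(logoutUrl);

        return;
    }

    // getPathInfo() may be null when the request carries no extra path; guard
    // it instead of letting the logout check throw a NullPointerException.
    if ((pathInfo != null) && pathInfo.contains("/portal/logout")) {
        session.invalidate();

        String logoutUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGOUT_URL, PropsValues.CAS_LOGOUT_URL);

        response.sendRedirect(logoutUrl);

        return;
    }

    String login = (String)session.getAttribute(WebKeys.CAS_LOGIN);

    String serverName = PrefsPropsUtil.getString(
        companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);

    String serviceUrl = PrefsPropsUtil.getString(
        companyId, PropsKeys.CAS_SERVICE_URL, PropsValues.CAS_SERVICE_URL);

    // Without a configured service URL, derive it from the request and the
    // configured server name; the ticket is later validated against this URL.
    if (Validator.isNull(serviceUrl)) {
        serviceUrl = CommonUtils.constructServiceUrl(
            request, response, serviceUrl, serverName, "ticket", false);
    }

    String ticket = ParamUtil.getString(request, "ticket");

    if (Validator.isNull(ticket)) {
        if (Validator.isNotNull(login)) {
            processFilter(CASFilter.class, request, response, filterChain);
        }
        else {
            String loginUrl = PrefsPropsUtil.getString(
                companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

            loginUrl = HttpUtil.addParameter(loginUrl, "service", serviceUrl);

            response.sendRedirect(loginUrl);
        }

        return;
    }

    TicketValidator ticketValidator = getTicketValidator(companyId);

    Assertion assertion = ticketValidator.validate(ticket, serviceUrl);

    if (assertion != null) {
        AttributePrincipal attributePrincipal = assertion.getPrincipal();

        login = attributePrincipal.getName();

        // NOTE(review): the pre-authentication session is reused here rather
        // than renewed; confirm a later step rotates the session id, otherwise
        // this is a session-fixation exposure.
        session.setAttribute(WebKeys.CAS_LOGIN, login);
    }

    processFilter(CASFilter.class, request, response, filterChain);
}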