SEC-852

provided mechanism to do get a proxy ticket
18 years ago · 5b089aea16
4 changed files with 77 additions and 13 deletions
--- a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
+++ b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
@ -15,6 +15,11 @@
				@@ -15,6 +15,11 @@

 package org.springframework.security.ui.cas;

+import java.io.IOException;
+
+import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
+import org.jasig.cas.client.util.CommonUtils;
+import org.jasig.cas.client.validation.TicketValidator;
 import org.springframework.security.Authentication;
 import org.springframework.security.AuthenticationException;

@ -24,6 +29,7 @@ import org.springframework.security.ui.AbstractProcessingFilter;
				@@ -24,6 +29,7 @@ import org.springframework.security.ui.AbstractProcessingFilter;
 import org.springframework.security.ui.FilterChainOrder;

 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;


 /**
@ -38,7 +44,11 @@ import javax.servlet.http.HttpServletRequest;
				@@ -38,7 +44,11 @@ import javax.servlet.http.HttpServletRequest;
 *  <p>The configured <code>AuthenticationManager</code> is expected to provide a provider that can recognise
 * <code>UsernamePasswordAuthenticationToken</code>s containing this special <code>principal</code> name, and process
 * them accordingly by validation with the CAS server.</p>
- *  <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
+ * <p>By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the CasProcessingFilter
+ * one can have the CasProcessingFilter handle the proxying requirements for CAS.  In addition, the URI endpoint for the proxying
+ * would also need to be configured (i.e. the part after protocol, hostname, and port).
+ * 
+ * <p><b>Do not use this class directly.</b> Instead configure <code>web.xml</code> to use the {@link
 * org.springframework.security.util.FilterToBeanProxy}.</p>
 *
 * @author Ben Alex
@ -57,8 +67,17 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
				@@ -57,8 +67,17 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
     */
    public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";

-    //~ Methods ========================================================================================================
+    /**
+     * The last portion of the receptor url, i.e. /proxy/receptor
+     */
+    private String proxyReceptorUrl;
+    
+    /**
+     * The backing storage to store ProxyGrantingTicket requests.
+     */
+    private ProxyGrantingTicketStorage proxyGrantingTicketStorage;

+    //~ Methods ========================================================================================================  
    public Authentication attemptAuthentication(final HttpServletRequest request)
        throws AuthenticationException {
        final String username = CAS_STATEFUL_IDENTIFIER;
@ -87,4 +106,35 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
				@@ -87,4 +106,35 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
    public int getOrder() {
        return FilterChainOrder.CAS_PROCESSING_FILTER;
    }
+    
+
+    /**
+     * Overridden to provide proxying capabilities.
+     */
+	protected boolean requiresAuthentication(final HttpServletRequest request,
+			final HttpServletResponse response) {
+		final String requestUri = request.getRequestURI();
+
+        if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
+        	return super.requiresAuthentication(request, response);
+        }
+
+        try {
+        	CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
+        	return false;
+        } catch (final IOException e) {
+        	return super.requiresAuthentication(request, response);
+        }
+	}
+
+	public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
+		this.proxyReceptorUrl = proxyReceptorUrl;
+	}
+
+	public final void setProxyGrantingTicketStorage(
+			final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
+		this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
+	}
+	
+	
 }
--- a/samples/cas/Readme.txt
+++ b/samples/cas/Readme.txt
@ -10,11 +10,11 @@ client - this contains the actual sample web application which uses the cas serv
				@@ -10,11 +10,11 @@ client - this contains the actual sample web application which uses the cas serv
 Running the CAS Server
 -----------------------

-You first need to download the CAS server 3.2 distribution from
+You first need to download the CAS server 3.2.1 distribution from

 http://www.ja-sig.org/products/cas/downloads/index.html

-You only need the modules/cas-server-webapp-3.2.war web application file from the distribution. Copy this to the
+You only need the modules/cas-server-webapp-3.2.1.war web application file from the distribution. Copy this to the
 "server" directory inside the one that contains this readme file (i.e. copy it to samples/cas/server).

 You can then run the CAS server (from the same) by executing the maven command
@ -34,7 +34,7 @@ Running the Client Application
				@@ -34,7 +34,7 @@ Running the Client Application
 Leave the server running and start up a separate command window to run the sample application. Change to the directory
 samples/cas/client and execute the command

-mvn:jetty-run
+mvn jetty:run


 This should start the sample application on
--- a/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml
@ -11,14 +11,15 @@
				@@ -11,14 +11,15 @@
        <sec:logout />
    </sec:http>

-
    <sec:authentication-manager alias="authenticationManager"/>

    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
        <sec:custom-filter after="CAS_PROCESSING_FILTER"/>
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
-        <property name="defaultTargetUrl" value="/"/>
+        <property name="defaultTargetUrl" value="/"/>
+        <property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+        <property name="proxyReceptorUrl" value="/secure/receptor" />
    </bean>

    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
@ -32,11 +33,15 @@
				@@ -32,11 +33,15 @@
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
        	<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
-        		<constructor-arg index="0" value="https://localhost:9443/cas" />
+        		<constructor-arg index="0" value="https://localhost:9443/cas" />
+        		<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
+        		<property name="proxyCallbackUrl" value="https://localhost:8443/cas-sample/secure/receptor" />
            </bean>
        </property>
-        <property name="key" value="an_id_for_this_auth_provider_only"/>
-    </bean>
+        <property name="key" value="an_id_for_this_auth_provider_only"/>
+    </bean>
+    
+    <bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />

    <bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
        <property name="service" value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/>
@ -48,5 +53,4 @@
				@@ -48,5 +53,4 @@
        <sec:user name="dianne" password="dianne" authorities="ROLE_USER" />
        <sec:user name="scott" password="scott" authorities="ROLE_USER" />
    </sec:user-service>
-
 </beans>
--- a/samples/cas/server/pom.xml
+++ b/samples/cas/server/pom.xml
@ -17,7 +17,7 @@
				@@ -17,7 +17,7 @@
                <version>6.1.7</version>
                <configuration>
                    <contextPath>/cas</contextPath>
-                    <webApp>${basedir}/cas-server-webapp-3.2.war</webApp>
+                    <webApp>${basedir}/cas-server-webapp-3.2.1.war</webApp>
                    <connectors>
                        <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                            <port>9443</port>
@ -29,7 +29,17 @@
				@@ -29,7 +29,17 @@
                            <wantClientAuth>true</wantClientAuth>
                            <needClientAuth>false</needClientAuth>
                        </connector>
-                    </connectors>
+                    </connectors>
+			         <systemProperties>
+			            <systemProperty>
+			              <name>javax.net.ssl.trustStore</name>
+			               <value>../../certificates/server.jks</value>
+			            </systemProperty>
+			            <systemProperty>
+			            	<name>javax.net.ssl.trustStorePassword</name>
+			            	<value>password</value>
+			            </systemProperty>
+					</systemProperties>
                </configuration>
            </plugin>
        </plugins>