diff --git a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
index 579bd9f919..1860f18e76 100644
--- a/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
+++ b/cas/src/main/java/org/springframework/security/ui/cas/CasProcessingFilter.java
@@ -15,6 +15,11 @@
package org.springframework.security.ui.cas;
+import java.io.IOException;
+
+import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
+import org.jasig.cas.client.util.CommonUtils;
+import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
@@ -24,6 +29,7 @@ import org.springframework.security.ui.AbstractProcessingFilter;
import org.springframework.security.ui.FilterChainOrder;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
/**
@@ -38,7 +44,11 @@ import javax.servlet.http.HttpServletRequest;
*
The configured AuthenticationManager is expected to provide a provider that can recognise
* UsernamePasswordAuthenticationTokens containing this special principal name, and process
* them accordingly by validation with the CAS server.
- * Do not use this class directly. Instead configure web.xml to use the {@link
+ *
By configuring a shared {@link ProxyGrantingTicketStorage} between the {@link TicketValidator} and the CasProcessingFilter
+ * one can have the CasProcessingFilter handle the proxying requirements for CAS. In addition, the URI endpoint for the proxying
+ * would also need to be configured (i.e. the part after protocol, hostname, and port).
+ *
+ *
Do not use this class directly. Instead configure web.xml to use the {@link
* org.springframework.security.util.FilterToBeanProxy}.
*
* @author Ben Alex
@@ -57,8 +67,17 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
*/
public static final String CAS_STATELESS_IDENTIFIER = "_cas_stateless_";
- //~ Methods ========================================================================================================
+ /**
+ * The last portion of the receptor url, i.e. /proxy/receptor
+ */
+ private String proxyReceptorUrl;
+
+ /**
+ * The backing storage to store ProxyGrantingTicket requests.
+ */
+ private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
+ //~ Methods ========================================================================================================
public Authentication attemptAuthentication(final HttpServletRequest request)
throws AuthenticationException {
final String username = CAS_STATEFUL_IDENTIFIER;
@@ -87,4 +106,35 @@ public class CasProcessingFilter extends AbstractProcessingFilter {
public int getOrder() {
return FilterChainOrder.CAS_PROCESSING_FILTER;
}
+
+
+ /**
+ * Overridden to provide proxying capabilities.
+ */
+ protected boolean requiresAuthentication(final HttpServletRequest request,
+ final HttpServletResponse response) {
+ final String requestUri = request.getRequestURI();
+
+ if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl) || this.proxyGrantingTicketStorage == null) {
+ return super.requiresAuthentication(request, response);
+ }
+
+ try {
+ CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
+ return false;
+ } catch (final IOException e) {
+ return super.requiresAuthentication(request, response);
+ }
+ }
+
+ public final void setProxyReceptorUrl(final String proxyReceptorUrl) {
+ this.proxyReceptorUrl = proxyReceptorUrl;
+ }
+
+ public final void setProxyGrantingTicketStorage(
+ final ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
+ this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
+ }
+
+
}
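Review bot: The receptor check in `requiresAuthentication` uses `requestUri.endsWith(this.proxyReceptorUrl)`, so any request whose URI merely ends with the configured path is passed to `CommonUtils.readAndRespondToProxyReceptorRequest` together with the shared `ProxyGrantingTicketStorage`. `getRequestURI()` is also undecoded and may carry path parameters such as `;jsessionid=`, so the suffix test can both over-match and under-match. An exact comparison would be tighter, for example `final String receptorUri = request.getContextPath() + this.proxyReceptorUrl;` followed by `requestUri.equals(receptorUri)` once any path parameters are stripped. On success the method returns `false` after the response has already been written, which presumably lets the superclass continue the filter chain for a request that has already been answered; the superclass is outside this hunk, so that should be confirmed. The `catch (final IOException e)` branch discards the exception without a trace and should at least log it before falling back to `super.requiresAuthentication(request, response)`.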
diff --git a/samples/cas/Readme.txt b/samples/cas/Readme.txt
index 4ab9cbdce7..b6345285fb 100644
--- a/samples/cas/Readme.txt
+++ b/samples/cas/Readme.txt
@@ -10,11 +10,11 @@ client - this contains the actual sample web application which uses the cas serv
Running the CAS Server
-----------------------
-You first need to download the CAS server 3.2 distribution from
+You first need to download the CAS server 3.2.1 distribution from
http://www.ja-sig.org/products/cas/downloads/index.html
-You only need the modules/cas-server-webapp-3.2.war web application file from the distribution. Copy this to the
+You only need the modules/cas-server-webapp-3.2.1.war web application file from the distribution. Copy this to the
"server" directory inside the one that contains this readme file (i.e. copy it to samples/cas/server).
You can then run the CAS server (from the same) by executing the maven command
@@ -34,7 +34,7 @@ Running the Client Application
Leave the server running and start up a separate command window to run the sample application. Change to the directory
samples/cas/client and execute the command
-mvn:jetty-run
+mvn jetty:run
This should start the sample application on
diff --git a/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml b/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml
index ebf15f93c6..4ad046f289 100644
--- a/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml
+++ b/samples/cas/client/src/main/webapp/WEB-INF/applicationContext-security.xml
@@ -11,14 +11,15 @@
-
-
+
+
+
@@ -32,11 +33,15 @@
-
+
+
+
-
-
+
+
+
+
@@ -48,5 +53,4 @@
-
\ No newline at end of file
diff --git a/samples/cas/server/pom.xml b/samples/cas/server/pom.xml
index 66b99da74d..4efbad9b3d 100644
--- a/samples/cas/server/pom.xml
+++ b/samples/cas/server/pom.xml
@@ -17,7 +17,7 @@
6.1.7
/cas
- ${basedir}/cas-server-webapp-3.2.war
+ ${basedir}/cas-server-webapp-3.2.1.war
9443
@@ -29,7 +29,17 @@
true
false
-
+
+
+
+ javax.net.ssl.trustStore
+ ../../certificates/server.jks
+
+
+ javax.net.ssl.trustStorePassword
+ password
+
+
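Review bot: The added system properties set `javax.net.ssl.trustStorePassword` to the literal `password` and point `javax.net.ssl.trustStore` at `../../certificates/server.jks`, with nothing marking them as sample-only values. Setting `javax.net.ssl.trustStore` replaces the default trust store for the whole JVM that reads it, so that process will trust only the certificates in that file, and the relative path resolves against the directory Maven is run from. A short comment above the block would help, for example `<!-- Sample only: test trust store with a well-known password; do not reuse in a real deployment -->`. The element names are not visible in this rendering of the hunk, so the exact placement is inferred.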