Package edu.yale.its.tp.cas.client.filter

Class CASFilter

java.lang.Object
edu.yale.its.tp.cas.client.filter.CASFilter
All Implemented Interfaces:
javax.servlet.Filter
public class CASFilter extends Object implements javax.servlet.Filter

Protects web-accessible resources with CAS.

The following filter initialization parameters are declared in web.xml:

  • edu.yale.its.tp.cas.client.filter.loginUrl: URL to login page on CAS server. (Required)
  • edu.yale.its.tp.cas.client.filter.validateUrl: URL to validation URL on CAS server. (Required)
  • edu.yale.its.tp.cas.client.filter.serviceUrl: URL of this service. (Required if serverName is not specified)
  • edu.yale.its.tp.cas.client.filter.serverName: full hostname with port number (e.g. www.foo.com:8080). Port number isn't required if it is standard (80 for HTTP, 443 for HTTPS). (Required if serviceUrl is not specified)
  • edu.yale.its.tp.cas.client.filter.authorizedProxy: whitespace-delimited list of valid proxies through which authentication may have proceeded. One one proxy must match. (Optional. If nothing is specified, the filter will only accept service tickets - not proxy tickets.)
  • edu.yale.its.tp.cas.client.filter.renew: value of CAS "renew" parameter. Bypasses single sign-on and requires user to provide CAS with his/her credentials again. (Optional. If nothing is specified, this defaults to false.)
  • edu.yale.its.tp.cas.client.filter.wrapRequest: wrap the HttpServletRequest object, overriding the getRemoteUser() method. When set to "true", request.getRemoteUser() will return the username of the currently logged-in CAS user. (Optional. If nothing is specified, this defaults to false.)

The logged-in username is set in the session attribute defined by the value of CAS_FILTER_USER and may be accessed from within your application either by setting wrapRequest and calling request.getRemoteUser(), or by calling session.getAttribute(CASFilter.CAS_FILTER_USER).

Author:
Shawn Bayern

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    CAS_FILTER_USER
    Session attribute in which the username is stored

  • Constructor Summary

    Constructors
    Constructor
    Description
    CASFilter()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    destroy()
     
    void
    doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain fc)
     
    void
    init(javax.servlet.FilterConfig config)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Field Details

    • CAS_FILTER_USER

      public static final String CAS_FILTER_USER
      Session attribute in which the username is stored
      See Also:

  • Constructor Details

    • CASFilter

      public CASFilter()

  • Method Details

    • init

      public void init(javax.servlet.FilterConfig config) throws javax.servlet.ServletException
      Specified by:
      init in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException

    • doFilter

      public void doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain fc) throws javax.servlet.ServletException, IOException
      Specified by:
      doFilter in interface javax.servlet.Filter
      Throws:
      javax.servlet.ServletException
      IOException

    • destroy

      public void destroy()
      Specified by:
      destroy in interface javax.servlet.Filter