Class Cas2Authenticator
java.lang.Object
org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator
- All Implemented Interfaces:
LoginResponseHandler
,NuxeoAuthenticationPlugin
,NuxeoAuthenticationPluginLogoutExtension
public class Cas2Authenticator
extends Object
implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginResponseHandler
- Author:
- Thierry Delprat, Olivier Adam, M.-A. Darche, Benjamin Jalon, Thierry Martins
-
Field Summary
Modifier and TypeFieldDescriptionprotected static final String
protected String
protected static final String
Deprecated.since 2023, no used anymore for security reasonsprotected static final String
protected String
protected String
protected static final String
protected static final String
protected static final String
protected String
protected static final String
protected boolean
protected static final String
protected String
protected String
We tell the CAS server whether we want a plain text (CAS 1.0) or XML (CAS 2.0) response by making the request either to the '...protected String
protected String
protected String
protected String
protected String
protected String
protected static final String
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected String
checkCasTicket
(String ticket, javax.servlet.http.HttpServletRequest httpRequest) protected String
checkProxyCasTicket
(String ticket, javax.servlet.http.HttpServletRequest httpRequest) protected NuxeoAuthenticationPlugin
getAlternativeAuthPlugin
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) protected String
getAppURL
(javax.servlet.http.HttpServletRequest httpRequest) protected javax.servlet.http.Cookie
protected String
getServiceURL
(javax.servlet.http.HttpServletRequest httpRequest, String action) Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.handleLoginPrompt
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL) Handles the Login Prompt.handleLogout
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) Handles logout operation.handleRetrieveIdentity
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) Retrieves user identification information from the request.void
initPlugin
(Map<String, String> parameters) Initializes the Plugin from parameters set in the XML descriptor.needLoginPrompt
(javax.servlet.http.HttpServletRequest httpRequest) Defines if the authentication plugin needs to do a login prompt.boolean
onError
(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Handles the login error response.boolean
onSuccess
(javax.servlet.http.HttpServletRequest arg0, javax.servlet.http.HttpServletResponse arg1) Handles login success response.protected void
removeCookie
(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, javax.servlet.http.Cookie cookie)
-
Field Details
-
CAS_SERVER_HEADER_KEY
Deprecated.since 2023, no used anymore for security reasons- See Also:
-
CAS_SERVER_PATTERN_KEY
- See Also:
-
NUXEO_SERVER_PATTERN_KEY
- See Also:
-
LOGIN_ACTION
- See Also:
-
LOGOUT_ACTION
- See Also:
-
VALIDATE_ACTION
- See Also:
-
PROXY_VALIDATE_ACTION
- See Also:
-
EXCLUDE_PROMPT_KEY
- See Also:
-
ALTERNATIVE_AUTH_PLUGIN_COOKIE_NAME
- See Also:
-
ticketKey
-
proxyKey
-
appURL
-
serviceLoginURL
-
serviceValidateURL
-
proxyValidateURL
We tell the CAS server whether we want a plain text (CAS 1.0) or XML (CAS 2.0) response by making the request either to the '.../validate' or '.../serviceValidate' URL. The older protocol supports only the CAS 1.0 functionality, which is left around as the legacy '.../validate' URL. -
serviceKey
-
logoutURL
-
defaultCasServer
-
ticketValidatorClassName
-
proxyValidatorClassName
-
promptLogin
protected boolean promptLogin -
excludePromptURLs
-
errorPage
-
-
Constructor Details
-
Cas2Authenticator
public Cas2Authenticator()
-
-
Method Details
-
getUnAuthenticatedURLPrefix
Description copied from interface:NuxeoAuthenticationPlugin
Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.- Specified by:
getUnAuthenticatedURLPrefix
in interfaceNuxeoAuthenticationPlugin
-
getServiceURL
-
handleLoginPrompt
public Boolean handleLoginPrompt(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, String baseURL) Description copied from interface:NuxeoAuthenticationPlugin
Handles the Login Prompt.- Specified by:
handleLoginPrompt
in interfaceNuxeoAuthenticationPlugin
- Parameters:
httpRequest
- the requesthttpResponse
- the response- Returns:
- true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise
-
getAppURL
-
handleRetrieveIdentity
public UserIdentificationInfo handleRetrieveIdentity(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) Description copied from interface:NuxeoAuthenticationPlugin
Retrieves user identification information from the request.- Specified by:
handleRetrieveIdentity
in interfaceNuxeoAuthenticationPlugin
- Parameters:
httpRequest
- the requesthttpResponse
- the response
-
initPlugin
Description copied from interface:NuxeoAuthenticationPlugin
Initializes the Plugin from parameters set in the XML descriptor.- Specified by:
initPlugin
in interfaceNuxeoAuthenticationPlugin
-
needLoginPrompt
Description copied from interface:NuxeoAuthenticationPlugin
Defines if the authentication plugin needs to do a login prompt.- Specified by:
needLoginPrompt
in interfaceNuxeoAuthenticationPlugin
- Returns:
- true if LoginPrompt is used
-
handleLogout
public Boolean handleLogout(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) Description copied from interface:NuxeoAuthenticationPluginLogoutExtension
Handles logout operation.Generic logout (killing session and Seam objects) is done by LogoutActionBean This interface must be implemented by auth plugin when the target auth system needs a specific logout procedure.
- Specified by:
handleLogout
in interfaceNuxeoAuthenticationPluginLogoutExtension
- Returns:
- true if caller must stop execution (ie: logout generated a redirect), false otherwise
-
checkProxyCasTicket
-
checkCasTicket
-
onError
public boolean onError(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Description copied from interface:LoginResponseHandler
Handles the login error response.- Specified by:
onError
in interfaceLoginResponseHandler
- Parameters:
request
- the HTTP requestresponse
- the HTTP response- Returns:
- true if error was handled, false otherwise
-
onSuccess
public boolean onSuccess(javax.servlet.http.HttpServletRequest arg0, javax.servlet.http.HttpServletResponse arg1) Description copied from interface:LoginResponseHandler
Handles login success response.- Specified by:
onSuccess
in interfaceLoginResponseHandler
- Parameters:
arg0
- the HTTP requestarg1
- the HTTP response- Returns:
- true if response was handled, false otherwise
-
getAlternativeAuthPlugin
protected NuxeoAuthenticationPlugin getAlternativeAuthPlugin(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse) -
getCookie
protected javax.servlet.http.Cookie getCookie(javax.servlet.http.HttpServletRequest httpRequest, String cookieName) -
removeCookie
protected void removeCookie(javax.servlet.http.HttpServletRequest httpRequest, javax.servlet.http.HttpServletResponse httpResponse, javax.servlet.http.Cookie cookie)
-