Package org.nuxeo.ecm.platform.ui.web.auth.cas2

Class Cas2Authenticator

java.lang.Object
org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator
All Implemented Interfaces:
LoginResponseHandler, NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension
public class Cas2Authenticator extends Object implements NuxeoAuthenticationPlugin, NuxeoAuthenticationPluginLogoutExtension, LoginResponseHandler
Author:
Thierry Delprat, Olivier Adam, M.-A. Darche, Benjamin Jalon, Thierry Martins

  • Field Details

    • CAS_SERVER_HEADER_KEY

      @Deprecated(since="2023") protected static final String CAS_SERVER_HEADER_KEY
      Deprecated.
      since 2023, no used anymore for security reasons
      See Also:

    • CAS_SERVER_PATTERN_KEY

      protected static final String CAS_SERVER_PATTERN_KEY
      See Also:

    • NUXEO_SERVER_PATTERN_KEY

      protected static final String NUXEO_SERVER_PATTERN_KEY
      See Also:

    • LOGIN_ACTION

      protected static final String LOGIN_ACTION
      See Also:

    • LOGOUT_ACTION

      protected static final String LOGOUT_ACTION
      See Also:

    • VALIDATE_ACTION

      protected static final String VALIDATE_ACTION
      See Also:

    • PROXY_VALIDATE_ACTION

      protected static final String PROXY_VALIDATE_ACTION
      See Also:

    • EXCLUDE_PROMPT_KEY

      protected static final String EXCLUDE_PROMPT_KEY
      See Also:

    • ticketKey

      protected String ticketKey

    • proxyKey

      protected String proxyKey

    • appURL

      protected String appURL

    • serviceLoginURL

      protected String serviceLoginURL

    • serviceValidateURL

      protected String serviceValidateURL

    • proxyValidateURL

      protected String proxyValidateURL
      We tell the CAS server whether we want a plain text (CAS 1.0) or XML (CAS 2.0) response by making the request either to the '.../validate' or '.../serviceValidate' URL. The older protocol supports only the CAS 1.0 functionality, which is left around as the legacy '.../validate' URL.

    • serviceKey

      protected String serviceKey

    • logoutURL

      protected String logoutURL

    • defaultCasServer

      protected String defaultCasServer

    • ticketValidatorClassName

      protected String ticketValidatorClassName

    • proxyValidatorClassName

      protected String proxyValidatorClassName

    • promptLogin

      protected boolean promptLogin

    • excludePromptURLs

      protected List<String> excludePromptURLs

    • errorPage

      protected String errorPage

  • Constructor Details

    • Cas2Authenticator

      public Cas2Authenticator()

  • Method Details

    • getUnAuthenticatedURLPrefix

      public List<String> getUnAuthenticatedURLPrefix()
      Description copied from interface: NuxeoAuthenticationPlugin
      Returns the list of prefix for unauthenticated URLs, typically the URLs associated to login prompt.
      Specified by:
      getUnAuthenticatedURLPrefix in interface NuxeoAuthenticationPlugin

    • getServiceURL

      protected String getServiceURL(jakarta.servlet.http.HttpServletRequest httpRequest, String action)

    • handleLoginPrompt

      public Boolean handleLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, String baseURL)
      Description copied from interface: NuxeoAuthenticationPlugin
      Handles the Login Prompt.
      Specified by:
      handleLoginPrompt in interface NuxeoAuthenticationPlugin
      Parameters:
      httpRequest - the request
      httpResponse - the response
      Returns:
      true if AuthFilter must stop execution (ie: login prompt generated a redirect), false otherwise

    • getAppURL

      protected String getAppURL(jakarta.servlet.http.HttpServletRequest httpRequest)

    • handleRetrieveIdentity

      public UserIdentificationInfo handleRetrieveIdentity(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)
      Description copied from interface: NuxeoAuthenticationPlugin
      Retrieves user identification information from the request.
      Specified by:
      handleRetrieveIdentity in interface NuxeoAuthenticationPlugin
      Parameters:
      httpRequest - the request
      httpResponse - the response

    • initPlugin

      public void initPlugin(Map<String,String> parameters)
      Description copied from interface: NuxeoAuthenticationPlugin
      Initializes the Plugin from parameters set in the XML descriptor.
      Specified by:
      initPlugin in interface NuxeoAuthenticationPlugin

    • needLoginPrompt

      public Boolean needLoginPrompt(jakarta.servlet.http.HttpServletRequest httpRequest)
      Description copied from interface: NuxeoAuthenticationPlugin
      Defines if the authentication plugin needs to do a login prompt.
      Specified by:
      needLoginPrompt in interface NuxeoAuthenticationPlugin
      Returns:
      true if LoginPrompt is used

    • handleLogout

      public Boolean handleLogout(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)
      Description copied from interface: NuxeoAuthenticationPluginLogoutExtension
      Handles logout operation.

      Generic logout (killing session and Seam objects) is done by LogoutActionBean This interface must be implemented by auth plugin when the target auth system needs a specific logout procedure.

      Specified by:
      handleLogout in interface NuxeoAuthenticationPluginLogoutExtension
      Returns:
      true if caller must stop execution (ie: logout generated a redirect), false otherwise

    • checkProxyCasTicket

      protected String checkProxyCasTicket(String ticket, jakarta.servlet.http.HttpServletRequest httpRequest)

    • checkCasTicket

      protected String checkCasTicket(String ticket, jakarta.servlet.http.HttpServletRequest httpRequest)

    • onError

      public boolean onError(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)
      Description copied from interface: LoginResponseHandler
      Handles the login error response.
      Specified by:
      onError in interface LoginResponseHandler
      Parameters:
      request - the HTTP request
      response - the HTTP response
      Returns:
      true if error was handled, false otherwise

    • onSuccess

      public boolean onSuccess(jakarta.servlet.http.HttpServletRequest arg0, jakarta.servlet.http.HttpServletResponse arg1)
      Description copied from interface: LoginResponseHandler
      Handles login success response.
      Specified by:
      onSuccess in interface LoginResponseHandler
      Parameters:
      arg0 - the HTTP request
      arg1 - the HTTP response
      Returns:
      true if response was handled, false otherwise

    • getAlternativeAuthPlugin

      protected NuxeoAuthenticationPlugin getAlternativeAuthPlugin(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse)

    • getCookie

      protected jakarta.servlet.http.Cookie getCookie(jakarta.servlet.http.HttpServletRequest httpRequest, String cookieName)

    • removeCookie

      protected void removeCookie(jakarta.servlet.http.HttpServletRequest httpRequest, jakarta.servlet.http.HttpServletResponse httpResponse, jakarta.servlet.http.Cookie cookie)