/* vim: set ts=2 et sw=2 cindent fo=qroca: */
package com.globant.katari.cas;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.acegisecurity.AuthenticationException;
import org.acegisecurity.ui.AuthenticationEntryPoint;
import org.apache.commons.lang.Validate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.util.Assert;
/** Used by the <code>SecurityEnforcementFilter</code> to commence
 * authentication via the JA-SIG Central Authentication Service (CAS).
 *
 * The user's browser will be redirected to the JA-SIG CAS enterprise-wide
 * login page, whose address is given by the login url. Once login is
 * complete, the CAS login page will redirect to the page indicated by the
 * service url. The service url is an HTTP URL belonging to the current
 * application. It is monitored by the CasProcessingFilter, which will
 * validate that the CAS login was successful.
 */
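public class CasProcessingFilterEntryPoint implements AuthenticationEntryPoint,
    InitializingBean {

  /** The initial url buffer length.
   */
  private static final int URL_BUFFER_LENGTH = 255;

  /** The class logger.
   */
  private static final Log log = LogFactory.getLog(
      CasProcessingFilterEntryPoint.class);

  /** A creator of all the necessary service urls.
   *
   * This object only needs the service url and the login url.
   */
  private CasServicesUrlBuilder servicesUrlBuilder = null;

  /** Called by spring after all properties have been set.
   *
   * We use it to validate the required parameters.
   */
  public void afterPropertiesSet() {
    Assert.notNull(servicesUrlBuilder, "servicesUrlBuilder must be specified");
  }

  /** Starts the authentication.
   *
   * This method redirects the browser to the cas login page, passing the
   * url-encoded service url in the <code>service</code> query parameter. The
   * parameter is appended with '&amp;' when the login url already carries a
   * query string, and with '?' otherwise.
   *
   * This method can be called only with a non null servicesUrlBuilder.
   *
   * NOTE(review): both the login url and the service url are obtained from
   * servicesUrlBuilder using the incoming request. How the builder derives
   * them is not visible here; if scheme or host come from client-supplied
   * request data, the redirect target and the service url handed to cas are
   * client-influenced. Confirm the builder pins them to configured values.
   *
   * @param servletRequest The servlet request. This must be an instance of
   * HttpServletRequest. It cannot be null.
   *
   * @param servletResponse The servlet response. This must be an instance of
   * HttpServletResponse. It cannot be null.
   *
   * @param authenticationException This parameter is not used.
   *
   * @throws IOException in case of an io error.
   *
   * @throws ServletException in case of an unexpected error: the request or
   * response is not an http one, or the login url could not be built.
   */
  public void commence(final ServletRequest servletRequest, final
      ServletResponse servletResponse, final AuthenticationException
      authenticationException) throws IOException, ServletException {
    log.trace("Entering commence");
    if (servicesUrlBuilder == null) {
      throw new IllegalStateException("CasServicesUrlBuilder must be"
          + " specified");
    }
    if (!(servletRequest instanceof HttpServletRequest)) {
      throw new ServletException("This filter can only be applied to http"
          + " requests.");
    }
    if (!(servletResponse instanceof HttpServletResponse)) {
      throw new ServletException("This filter can only be applied to http"
          + " responses.");
    }
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;

    String service = servicesUrlBuilder.buildServiceUrl(request);
    String loginUrl = servicesUrlBuilder.buildLoginUrl(request);
    if (loginUrl == null) {
      // Fail closed: appending a null login url would redirect the browser to
      // the literal relative url "null?service=..." inside this application.
      throw new ServletException("The cas login url could not be built.");
    }

    // encodeURL may add the session id to the service url when the container
    // falls back to url rewriting. In that case the session id travels to the
    // cas server inside the service parameter and can end up in browser
    // history and server logs.
    // NOTE(review): confirm whether cookie-only session tracking is enforced.
    String urlEncodedService = response.encodeURL(service);

    // Respect a query string that may already be present in the login url.
    char separator = loginUrl.indexOf('?') >= 0 ? '&' : '?';

    StringBuilder redirectUrl = new StringBuilder(URL_BUFFER_LENGTH);
    redirectUrl.append(loginUrl);
    redirectUrl.append(separator);
    redirectUrl.append("service=");
    redirectUrl.append(URLEncoder.encode(urlEncodedService, "UTF-8"));
    // The cas 'renew' parameter is not appended: the legacy code that added
    // "&renew=true" from the service properties is disabled in this class, so
    // cas is never asked here to force the user to present credentials again.

    response.sendRedirect(redirectUrl.toString());
    log.trace("Leaving commence");
  }

  /** Sets the creator of all the necessary services url.
   *
   * @param theServicesUrlBuilder The url creator. It cannot be null.
   */
  public void setServicesUrlBuilder(final CasServicesUrlBuilder
      theServicesUrlBuilder) {
    Validate.notNull(theServicesUrlBuilder, "The services builder cannot be"
        + " null");
    servicesUrlBuilder = theServicesUrlBuilder;
  }
}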