package me.test;

import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;

/**
 * {@link CasAuthenticationProvider} variant for CAS "gateway" deployments.
 *
 * <p>It reproduces the parent's pre-checks (token type, key hash of a previously issued
 * {@link CasAuthenticationToken}) and then diverges on one point: when no service ticket is
 * presented and the configured {@link ServiceProperties} is a {@code ServicePropertiesEx}
 * whose {@code isGateway()} is true, it returns an {@link AnonymousAuthenticationToken}
 * instead of throwing {@link BadCredentialsException}. Every other case is delegated to
 * {@link CasAuthenticationProvider#authenticate(Authentication)}.
 *
 * <p>NOTE(review): because the anonymous token is returned from {@code authenticate()}, the
 * calling authentication filter will presumably treat the ticket-less request as a
 * <em>successful</em> login (success handler, session handling, remember-me hooks) — confirm
 * that this is the intended outcome for a gateway round-trip without a CAS session.
 */
public class CasAuthenticationProviderEx extends CasAuthenticationProvider {

    /**
     * Token handed back for every ticket-less request in gateway mode. The same instance is
     * returned on each call (see {@link #authenticate}); it is created lazily in
     * {@link #afterPropertiesSet()} unless one was injected via the setter.
     * NOTE(review): a single shared instance is stored in each request's security context;
     * anything that mutates it (e.g. {@code setDetails}) affects all of them — verify this is
     * acceptable or consider a fresh instance per call.
     */
    private AnonymousAuthenticationToken anonymousAuthenticationToken;

    /**
     * Copy of the properties passed to {@link #setServiceProperties(ServiceProperties)}.
     * Kept locally because the parent's field is not accessible to this subclass.
     */
    private ServiceProperties serviceProperties;

    /**
     * Runs the parent's validation, then builds the default anonymous token from the provider
     * key when no token was injected.
     *
     * @throws Exception propagated from {@link CasAuthenticationProvider#afterPropertiesSet()}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        super.afterPropertiesSet();
        if (anonymousAuthenticationToken != null) {
            return;
        }
        // Same key as the CAS tokens so the key hash is consistent across this provider.
        anonymousAuthenticationToken = new AnonymousAuthenticationToken(
                super.getKey(),
                "anonymousUser",
                AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    }

    /**
     * Authenticates a CAS request, tolerating a missing service ticket in gateway mode.
     *
     * @param authentication the request token
     * @return {@code null} when the token is not CAS related; the token itself when it is a
     *         {@link CasAuthenticationToken} issued by this provider; the configured anonymous
     *         token when no ticket is present and gateway mode is on; otherwise the result of
     *         the parent implementation
     * @throws BadCredentialsException when a {@link CasAuthenticationToken} carries a foreign
     *         key hash, or when no ticket is present and gateway mode is off
     * @throws AuthenticationException propagated from the parent implementation
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass())) {
            return null;
        }
        if (isNonCasUsernamePasswordToken(authentication)) {
            return null;
        }
        if (authentication instanceof CasAuthenticationToken) {
            return requireIssuedByThisProvider((CasAuthenticationToken) authentication);
        }
        if (lacksServiceTicket(authentication)) {
            if (isGatewayMode()) {
                // TODO: this token is meant to be used only for the next HTTP request and
                // then removed.
                return anonymousAuthenticationToken;
            }
            throw new BadCredentialsException(messages.getMessage(
                    "CasAuthenticationProvider.noServiceTicket",
                    "Failed to provide a CAS service ticket to validate"));
        }
        return super.authenticate(authentication);
    }

    /**
     * True for a {@link UsernamePasswordAuthenticationToken} whose principal is neither of the
     * CAS marker identifiers, i.e. a plain form login this provider must ignore.
     * Note: {@code getPrincipal()} is dereferenced without a null check, as in the parent.
     */
    private static boolean isNonCasUsernamePasswordToken(Authentication authentication) {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return false;
        }
        String principal = authentication.getPrincipal().toString();
        return !CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER.equals(principal)
                && !CasAuthenticationFilter.CAS_STATELESS_IDENTIFIER.equals(principal);
    }

    /**
     * Returns the token unchanged if its key hash matches this provider's key.
     *
     * @throws BadCredentialsException when the key hash does not match
     */
    private Authentication requireIssuedByThisProvider(CasAuthenticationToken token) {
        if (this.getKey().hashCode() == token.getKeyHash()) {
            return token;
        }
        throw new BadCredentialsException(messages.getMessage(
                "CasAuthenticationProvider.incorrectKey",
                "The presented CasAuthenticationToken does not contain the expected key"));
    }

    /** True when the credentials (the service ticket) are absent or the empty string. */
    private static boolean lacksServiceTicket(Authentication authentication) {
        Object credentials = authentication.getCredentials();
        return credentials == null || "".equals(credentials);
    }

    /** True only when a {@code ServicePropertiesEx} with {@code isGateway()} was configured. */
    private boolean isGatewayMode() {
        if (!(serviceProperties instanceof ServicePropertiesEx)) {
            return false;
        }
        return ((ServicePropertiesEx) serviceProperties).isGateway();
    }

    /** @return the token returned for ticket-less gateway requests; may be {@code null} before {@link #afterPropertiesSet()} */
    public AnonymousAuthenticationToken getAnonymousAuthenticationToken() {
        return anonymousAuthenticationToken;
    }

    /** @param anonymousAuthenticationToken token to return for ticket-less gateway requests */
    public void setAnonymousAuthenticationToken(AnonymousAuthenticationToken anonymousAuthenticationToken) {
        this.anonymousAuthenticationToken = anonymousAuthenticationToken;
    }

    /**
     * Forwards to the parent and retains a local reference so {@link #isGatewayMode()} can
     * inspect the configured properties.
     *
     * @param serviceProperties the CAS service properties
     */
    @Override
    public void setServiceProperties(final ServiceProperties serviceProperties) {
        super.setServiceProperties(serviceProperties);
        this.serviceProperties = serviceProperties;
    }
}