GeoServerCasAuthenticationEntryPoint.java example

Explorer

geoserver-master
- doc
  - en
    - developer
      - source
        programming-guide
        ows-services
        hello
        src
        main
        java
        HelloWorld.java
        web-ui
        ComponentInfo.java
    - user
      - source
        security
        tutorials
        ldap
        acme-ldap
        src
        main
        java
        org
        acme
        Ldap.java
- src

/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */


package org.geoserver.security.cas;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

/**
 * Special CAS {@link AuthenticationEntryPoint} implementation. Clients
 * sending requests with an HTTP parameter {@link #CAS_REDIRECT} set to
 * <code>true</code> can avoid the standard CAS redirect. An unsuccessful 
 * authentication results in an HTTP 403 error. (Forbidden).
 * 
 * The {@link #CAS_REDIRECT} key value pair can also be sent as
 * an HTTP requester header attribute.
 * 
 * @author christian
 *
 */
public class GeoServerCasAuthenticationEntryPoint implements AuthenticationEntryPoint {

    public final static String CAS_REDIRECT = "casredirect";
    
    //private AuthenticationEntryPoint http403 = new Http403ForbiddenEntryPoint();
    private CasAuthenticationFilterConfig authConfig;
    
    public GeoServerCasAuthenticationEntryPoint(CasAuthenticationFilterConfig config) {
        this.authConfig=config;
    }
    
    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        
        // check for http parameter
        String value = request.getParameter(CAS_REDIRECT);
        if (value != null && "false".equalsIgnoreCase(value)) {
            //http403.commence(request, response, authException);
            sendUnauthorized(response);
            return;
        }
        
        // check for header attribute
        value = request.getHeader(CAS_REDIRECT);
        if (value != null && "false".equalsIgnoreCase(value)) {
            //http403.commence(request, response, authException);
            sendUnauthorized(response);
            return;
        }

        // standard cas redirect
        ServiceProperties sp = new ServiceProperties();
        sp.setSendRenew(authConfig.isSendRenew());
        sp.setService(GeoServerCasAuthenticationFilter.retrieveService(request));                
        
        try {
            sp.afterPropertiesSet();
        } catch (Exception e) {
            throw new IOException(e);
        }
        
        CasAuthenticationEntryPoint aep= new CasAuthenticationEntryPoint();
        aep.setLoginUrl(authConfig.getCasServerUrlPrefix()+GeoServerCasConstants.LOGIN_URI);
        aep.setServiceProperties(sp);
        try {
            aep.afterPropertiesSet();
        } catch (Exception e) {
            throw new IOException(e);
        }        
        aep.commence(request, response, authException);            
    }
    
    public void sendUnauthorized(ServletResponse response) throws IOException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
    }
}