java - jasig CAS: reference to RegistredService in AuthHandler Class -
i'm developing custom authhandler our company. idea allow access based on user , service. can't find way access registredservice.
is there way pass registredservice authhandler ?
/** * mbox auth handler */ package lu.ion.cas.adaptors.mbox; import org.jasig.cas.authentication.handler.support.abstractpreandpostprocessingauthenticationhandler; import org.jasig.cas.authentication.handler.authenticationexception; import org.jasig.cas.authentication.principal.credentials; import org.jasig.cas.authentication.principal.usernamepasswordcredentials; import lu.ion.cas.mboxauthhelper; import javax.validation.constraints.notnull; public class authhandler extends abstractpreandpostprocessingauthenticationhandler { private mboxauthhelper mboxauthhelper; private requestcontext context; protected boolean doauthentication(final credentials credentials) throws authenticationexception { return authenticateusernamepasswordinternal((usernamepasswordcredentials) credentials); } protected boolean authenticateusernamepasswordinternal( final usernamepasswordcredentials credentials) throws authenticationexception { return mboxauthhelper.load(credentials.getusername(), credentials.getpassword(), "/auth/check") != null; } public boolean supports(credentials credentials) { return true; } public final void setmboxauthhelper(final mboxauthhelper mboxauthhelper) { this.mboxauthhelper = mboxauthhelper; } } i'm using cas 3.5.2.
i have used cas few years , found there many ways everything. don't know how (or if) can pass registeredservice authhandler. solved same problem using custom authenticationfilter.
(backend) create authenticationfilter.java in/near cas project this:
public class authenticationfilter implements filter { @override public void dofilter(servletrequest req, servletresponse res, filterchain chain) throws ioexception, servletexception { httpservletrequest request = (httpservletrequest) req; httpservletresponse response = (httpservletresponse) res; httpsession session = request.getsession(); string loginname = request.getremoteuser(); string contextpath = request.getcontextpath(); system.err.println("loginname is: " + loginname); system.err.println("contextpath is: " + contextpath); boolean isauthorized = false; // work/query find out if authorized if (isauthorized) { chain.dofilter(request, response); } else { session.invalidate(); // print error page } } @override public void init(filterconfig config) throws servletexception { } @override public void destroy() { } } (frontend) add filter chain. if have web.xml existing cas filters, easy.
... <filter> <filter-name>custom filter</filter-name> <filter-class> com.yoursite.filter.authenticationfilter </filter-class> </filter> <filter-mapping> <filter-name>custom filter</filter-name> <url-pattern>/index.jsp</url-pattern> </filter-mapping> ...
Comments
Post a Comment