net.sourceforge.openutils.mgnlcas
Class CASAuthenticationModule

java.lang.Object
  extended by info.magnolia.jaas.sp.AbstractLoginModule
      extended by net.sourceforge.openutils.mgnlcas.CASAuthenticationModule
All Implemented Interfaces:
info.magnolia.jaas.sp.UserAwareLoginModule, javax.security.auth.spi.LoginModule

public class CASAuthenticationModule
extends info.magnolia.jaas.sp.AbstractLoginModule
implements javax.security.auth.spi.LoginModule, info.magnolia.jaas.sp.UserAwareLoginModule

This class implements a JAAS LoginModule that defers authentication to CAS. See the JAAS documentation for details about configuration and architecture.

The calling application's CallbackHandler MUST return the ticket for a TextInputCallback whose prompt is "ticket".

The CAS service MAY be hard-coded into the configuration; if it is not, the calling application's CallbackHandler MAY return the service in a TextInputCallback whose prompt is "service".

The cas_validate_url option MUST be hard-coded in the configuration.
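A CallbackHandler that satisfies the contract above, as an added example (not code from mgnlcas or Magnolia). The class name CasTicketCallbackHandler, the input sanity check and the sample values are assumptions made for illustration.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

/** Hypothetical handler (not part of mgnlcas): answers the "ticket" and "service" prompts. */
public class CasTicketCallbackHandler implements CallbackHandler {
    private static final int MAX_TICKET_LENGTH = 256; // assumed local sanity limit
    private final String ticket;
    private final String service; // null when the service is hard-coded in jaas.config

    public CasTicketCallbackHandler(String ticket, String service) {
        // Reject obviously malformed input before it is forwarded for validation.
        if (ticket == null || ticket.isEmpty() || ticket.length() > MAX_TICKET_LENGTH
                || !ticket.matches("[A-Za-z0-9._-]+")) {
            throw new IllegalArgumentException("missing or malformed CAS ticket");
        }
        this.ticket = ticket;
        this.service = service;
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof TextInputCallback)) {
                throw new UnsupportedCallbackException(cb, "only TextInputCallback is answered");
            }
            TextInputCallback text = (TextInputCallback) cb;
            if ("ticket".equals(text.getPrompt())) {
                text.setText(ticket);   // required by the module
            } else if ("service".equals(text.getPrompt()) && service != null) {
                text.setText(service);  // only consulted when not set in the configuration
            } else {
                throw new UnsupportedCallbackException(cb, "no answer for prompt: " + text.getPrompt());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real ticket arrives in the "ticket" request parameter.
        CallbackHandler handler =
                new CasTicketCallbackHandler("ST-1-constructedSample", "https://cms.example.org/");
        TextInputCallback ticketCb = new TextInputCallback("ticket");
        TextInputCallback serviceCb = new TextInputCallback("service");
        handler.handle(new Callback[] { ticketCb, serviceCb });
        System.out.println(ticketCb.getText() + " for " + serviceCb.getText());
    }
}
```

Hard-coding the service in the configuration keeps the value sent for ticket validation out of the caller's control; when it is supplied through the callback instead, the application should take it from its own settings rather than from request data.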

Sample jaas.config configuration (the required cas_validate_url option is not shown):

 magnolia {
   net.sourceforge.openutils.mgnlcas.CASAuthenticationModule
                   requisite
                   realm=cas;
   info.magnolia.jaas.sp.jcr.JCRAuthenticationModule
                   requisite
                   skip_on_previous_success=true;
   info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
 };


 

Version:
$Id: CASAuthenticationModule.java 4124 2008-09-22 14:56:46Z fgiust $
Author:
fgiust

Field Summary
protected  javax.security.auth.callback.CallbackHandler callbackHandler
           
protected  java.lang.String casValidateUrl
           
protected  org.slf4j.Logger log
           
protected  org.jasig.cas.client.authentication.AttributePrincipal principal
           
protected  java.lang.String service
           
protected  javax.security.auth.Subject subject
           
protected  info.magnolia.cms.security.User user
           
 
Fields inherited from class info.magnolia.jaas.sp.AbstractLoginModule
name, OPTION_REALM, OPTION_SKIP_ON_PREVIOUS_SUCCESS, OPTION_USE_REALM_CALLBACK, options, pswd, realm, sharedState, STATUS, STATUS_FAILED, STATUS_SKIPPED, STATUS_SUCCEDED, STATUS_SUCCEEDED, STATUS_UNAVAILABLE, success, TRY_FIRST_PASS, TRY_MAPPED_PASS, USE_FIRST_PASS, USE_MAPPED_PASS, useRealmCallback
 
Constructor Summary
CASAuthenticationModule()
           
 
Method Summary
protected  void addGroups(java.lang.String[] groups)
          Set the list of groups, info.magnolia.jaas.principal.GroupList.
protected  void addRoles(java.lang.String[] roles)
          Set the list of roles, info.magnolia.jaas.principal.RoleList.
 boolean commit()
           
 info.magnolia.cms.security.User getUser()
          
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
           
 boolean login()
           
 boolean release()
          
 void setACL()
          
 void setEntity()
          
 void validateUser()
          
 
Methods inherited from class info.magnolia.jaas.sp.AbstractLoginModule
abort, addGroupName, addRoleName, getGroupNames, getRoleNames, getSharedStatus, getSkip, logout, setGroupNames, setRoleNames, setSharedStatus
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface javax.security.auth.spi.LoginModule
abort, logout
 

Field Detail

subject

protected javax.security.auth.Subject subject

callbackHandler

protected javax.security.auth.callback.CallbackHandler callbackHandler

casValidateUrl

protected java.lang.String casValidateUrl

service

protected java.lang.String service

principal

protected org.jasig.cas.client.authentication.AttributePrincipal principal

user

protected info.magnolia.cms.security.User user

log

protected org.slf4j.Logger log

Constructor Detail

CASAuthenticationModule

public CASAuthenticationModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Specified by:
initialize in interface javax.security.auth.spi.LoginModule
Overrides:
initialize in class info.magnolia.jaas.sp.AbstractLoginModule
Parameters:
subject -
callbackHandler -
sharedState -
options - can contain
  • cas_validate_url (required)
  • service (optional)

login

public boolean login()
              throws javax.security.auth.login.LoginException
Specified by:
login in interface javax.security.auth.spi.LoginModule
Overrides:
login in class info.magnolia.jaas.sp.AbstractLoginModule
Throws:
javax.security.auth.login.LoginException

validateUser

public void validateUser()
                  throws javax.security.auth.login.LoginException

Specified by:
validateUser in class info.magnolia.jaas.sp.AbstractLoginModule
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Specified by:
commit in interface javax.security.auth.spi.LoginModule
Overrides:
commit in class info.magnolia.jaas.sp.AbstractLoginModule
Throws:
javax.security.auth.login.LoginException

getUser

public info.magnolia.cms.security.User getUser()

Specified by:
getUser in interface info.magnolia.jaas.sp.UserAwareLoginModule

release

public boolean release()

Specified by:
release in class info.magnolia.jaas.sp.AbstractLoginModule

setACL

public void setACL()

Specified by:
setACL in class info.magnolia.jaas.sp.AbstractLoginModule

setEntity

public void setEntity()

Specified by:
setEntity in class info.magnolia.jaas.sp.AbstractLoginModule

addGroups

protected void addGroups(java.lang.String[] groups)
Set the list of groups, info.magnolia.jaas.principal.GroupList.

Parameters:
groups - array of group names

addRoles

protected void addRoles(java.lang.String[] roles)
Set the list of roles, info.magnolia.jaas.principal.RoleList.

Parameters:
roles - array of role names


Copyright © 2007-2010 Openmind. All Rights Reserved.