public class CasLoginModule extends Object implements LoginModule
This login module uses a TicketValidator component for authentication, and on success populates a Subject with principal data including NetID and principal attributes. The module expects to be provided with the CAS ticket (required) and service (optional) parameters via PasswordCallback and NameCallback, respectively, by the CallbackHandler that is part of the JAAS framework in which the servlet resides.
Module configuration options:
Module options not explicitly listed above are treated as attributes of the given ticket validator class, e.g. tolerance in the following example.
Sample jaas.config file entry for this module:
    cas {
        org.jasig.cas.client.jaas.CasLoginModule required
            ticketValidatorClass="org.jasig.cas.client.validation.Saml11TicketValidator"
            casServerUrlPrefix="https://cas.example.com/cas"
            tolerance="20000"
            service="https://webapp.example.com/webapp"
            defaultRoles="admin,operator"
            roleAttributeNames="memberOf,eduPersonAffiliation"
            principalGroupName="CallerPrincipal"
            roleGroupName="Roles";
    };
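An added example, not code from the CAS client project: a CallbackHandler that supplies the ticket through PasswordCallback and the service through NameCallback, as the class description requires, and then runs the "cas" entry from the sample jaas.config. The class name CasTicketCallbackHandler and the authenticate helper are hypothetical; the example assumes the CAS client JAR is on the classpath and that the java.security.auth.login.config system property points at the config file.

```java
import java.io.IOException;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Hypothetical handler (not part of the CAS client): feeds one ticket and service to the module. */
public class CasTicketCallbackHandler implements CallbackHandler {
    private final String service;  // optional; when null the module's "service" option applies
    private final char[] ticket;   // required; the CAS ticket received by the web application

    public CasTicketCallbackHandler(String service, String ticket) {
        if (ticket == null || ticket.isEmpty()) {
            // Fail before any validation round trip: the module cannot work without a ticket.
            throw new IllegalArgumentException("CAS ticket is required");
        }
        this.service = service;
        this.ticket = ticket.toCharArray();
    }

    @Override
    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (cb instanceof NameCallback) {
                if (service != null) ((NameCallback) cb).setName(service);  // service parameter
            } else if (cb instanceof PasswordCallback) {
                ((PasswordCallback) cb).setPassword(ticket);                // ticket parameter
            } else {
                // Refuse anything else rather than silently answering an unknown prompt.
                throw new UnsupportedCallbackException(cb, "Only ticket and service are supplied");
            }
        }
    }

    /** Runs the "cas" login configuration entry and returns the populated Subject. */
    public static Subject authenticate(String service, String ticket) throws LoginException {
        LoginContext ctx = new LoginContext("cas", new CasTicketCallbackHandler(service, ticket));
        ctx.login();  // throws LoginException when authentication fails
        return ctx.getSubject();
    }
}
```

Treat a LoginException from authenticate as a failed login and do not fall back to any other identity source for that request.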
Modifier and Type | Field and Description |
---|---|
protected Assertion | assertion - CAS assertion |
protected static Map<TicketCredential,Assertion> | ASSERTION_CACHE - Stores mapping of ticket to assertion to support JAAS providers that attempt to periodically re-authenticate to renew principal. |
protected boolean | cacheAssertions - Enables or disables assertion caching |
protected static Executor | cacheCleanerExecutor - Executor responsible for assertion cache cleanup |
protected int | cacheTimeout - Assertion cache timeout in minutes |
protected CallbackHandler | callbackHandler - JAAS callback handler |
static int | DEFAULT_CACHE_TIMEOUT - Default assertion cache timeout in minutes. |
static String | DEFAULT_PRINCIPAL_GROUP_NAME - Default group name for storing caller principal. |
static String | DEFAULT_ROLE_GROUP_NAME - Default group name for storing role membership data. |
protected String[] | defaultRoles - Roles to be added to all authenticated principals by default |
protected org.apache.commons.logging.Log | log - Logger instance |
static String | LOGIN_NAME - Constant for login name stored in shared state. |
protected String | principalGroupName - Name of JAAS Group containing caller principal |
protected Set<String> | roleAttributeNames - Names of attributes in the CAS assertion that should be used for role data |
protected String | roleGroupName - Name of JAAS Group containing role data |
protected String | service - CAS service parameter used if no service is provided via TextCallback on login |
protected Map<String,Object> | sharedState - Login module shared state |
protected Subject | subject - JAAS authentication subject |
protected TicketCredential | ticket - CAS ticket credential |
protected TicketValidator | ticketValidator - CAS ticket validator |

Constructor and Description |
---|
CasLoginModule() |
public static final String LOGIN_NAME
public static final String DEFAULT_PRINCIPAL_GROUP_NAME
public static final String DEFAULT_ROLE_GROUP_NAME
public static final int DEFAULT_CACHE_TIMEOUT
protected static final Map<TicketCredential,Assertion> ASSERTION_CACHE
protected static Executor cacheCleanerExecutor
protected final org.apache.commons.logging.Log log
protected Subject subject
protected CallbackHandler callbackHandler
protected TicketValidator ticketValidator
protected String service
protected Assertion assertion
protected TicketCredential ticket
protected String[] defaultRoles
protected Set<String> roleAttributeNames
protected String principalGroupName
protected String roleGroupName
protected boolean cacheAssertions
protected int cacheTimeout
public void initialize(Subject subject, CallbackHandler handler, Map<String,?> state, Map<String,?> options)
Specified by: initialize in interface LoginModule
Parameters:
subject - Authentication subject.
handler - Callback handler.
state - Shared state map.
options - Login module options. The following are supported:

public boolean login() throws LoginException
Specified by: login in interface LoginModule
Throws: LoginException

public boolean abort() throws LoginException
Specified by: abort in interface LoginModule
Throws: LoginException

public boolean commit() throws LoginException
Specified by: commit in interface LoginModule
Throws: LoginException

public boolean logout() throws LoginException
Specified by: logout in interface LoginModule
Throws: LoginException

Copyright © 2006-2013 Jasig. All Rights Reserved.