/**
 * Lets the single sign-out handler inspect every request first and continues down the
 * filter chain only when the handler reports that the request should proceed.
 *
 * @param servletRequest the incoming request; cast to {@link HttpServletRequest} without a type check
 * @param servletResponse the outgoing response; cast to {@link HttpServletResponse} without a type check
 * @param filterChain the rest of the chain, invoked only when the handler returns {@code true}
 * @throws IOException if raised while the request is being processed
 * @throws ServletException if raised while the request is being processed
 */
public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    /*
     * Workaround for now: Spring Security never calls init(javax.servlet.FilterConfig) on this
     * filter, so the handler is initialized lazily on the first request instead.
     * Ultimately deployers need a way to inject their fully-initialized
     * org.jasig.cas.client.session.SingleSignOutHandler.
     */
    // NOTE(review): the flag flips to true before HANDLER.init() has returned, so a request
    // arriving at the same moment can reach process() while init() is still running —
    // confirm that init() and process() tolerate that overlap.
    final boolean alreadyInitialized = this.handlerInitialized.getAndSet(true);
    if (!alreadyInitialized) {
        HANDLER.init();
    }

    final boolean continueChain = HANDLER.process(request, response);
    if (!continueChain) {
        // The handler dealt with the request itself (presumably a logout message — verify
        // against SingleSignOutHandler); nothing further in the chain runs for it.
        return;
    }
    filterChain.doFilter(servletRequest, servletResponse);
}
/**
 * Forwards the artifact (ticket) parameter name to the wrapped handler.
 *
 * @param name the request parameter name to hand to the handler; passed through unvalidated
 */
public void setArtifactParameterName(final String name) {
    // Pure delegation: no null or blank check happens at this layer.
    this.handler.setArtifactParameterName(name);
}
/**
 * Forwards the logout parameter name to the shared {@code HANDLER}.
 *
 * @param name the request parameter name to hand to the handler; passed through unvalidated
 */
public void setLogoutParameterName(final String name) {
    // HANDLER is the class-level handler, so the value applies to every user of it,
    // not just to this filter instance.
    HANDLER.setLogoutParameterName(name);
}
/**
 * A request that carries the ticket under the configured artifact parameter and already has
 * a session must be allowed to proceed, and the session must be recorded under that ticket.
 */
@Test
public void tokenRequestOK() {
    final MockHttpSession session = new MockHttpSession();
    request.setSession(session);

    // The ticket is supplied both as a parsed parameter and in the raw query string.
    request.setParameter(ARTIFACT_PARAMETER_NAME, TICKET);
    request.setQueryString(ARTIFACT_PARAMETER_NAME + "=" + TICKET);

    final boolean proceed = handler.process(request, response);
    assertTrue(proceed);

    // Removing the mapping by ticket must give back exactly the session set above;
    // this is the lookup a later logout for the same ticket depends on.
    assertEquals(session, handler.getSessionMappingStorage().removeSessionByMappingId(TICKET));
}
/**
 * Builds a fully configured and initialized handler plus fresh mock request and response
 * objects before each test.
 *
 * @throws Exception declared for the test framework; nothing is caught here
 */
@Before
public void setUp() throws Exception {
    handler = new SingleSignOutHandler();

    // Parameter names the handler should look for in incoming requests.
    handler.setLogoutParameterName(LOGOUT_PARAMETER_NAME);
    handler.setRelayStateParameterName(RELAY_STATE_PARAMETER_NAME);
    handler.setArtifactParameterName(ARTIFACT_PARAMETER_NAME);

    handler.setCasServerUrlPrefix(URL);

    // init() runs only after every setter above has been applied.
    handler.init();

    request = new MockHttpServletRequest();
    response = new MockHttpServletResponse();
}
/**
 * Returns the {@link SessionMappingStorage} held by the handler that
 * {@link SingleSignOutFilter} exposes statically.
 * <p>
 * Callers generally invoke this lazily, so the method is assumed to hand back the same
 * storage instance on every call.
 *
 * @return the SessionMappingStorage
 */
protected static SessionMappingStorage getSessionMappingStorage() {
    // No local caching: each call goes back to the filter's handler.
    return SingleSignOutFilter
            .getSingleSignOutHandler()
            .getSessionMappingStorage();
}
}
/**
 * Configures the handler from the filter's init parameters, unless init configuration is
 * ignored, and then initializes it.
 *
 * @param filterConfig source of the {@code artifactParameterName} and
 *                     {@code logoutParameterName} init parameters
 * @throws ServletException declared by the filter contract
 */
public void init(final FilterConfig filterConfig) throws ServletException {
    final boolean readInitParams = !isIgnoreInitConfiguration();
    if (readInitParams) {
        // Falls back to "ticket" when the init parameter is not supplied.
        final String artifactName =
                getPropertyFromInitParams(filterConfig, "artifactParameterName", "ticket");
        handler.setArtifactParameterName(artifactName);

        // Falls back to "logoutRequest" when the init parameter is not supplied.
        final String logoutName =
                getPropertyFromInitParams(filterConfig, "logoutParameterName", "logoutRequest");
        handler.setLogoutParameterName(logoutName);
    }

    // The handler is initialized in both cases, configured here or elsewhere.
    handler.init();
}
/**
 * With eager session creation switched off and no session on the request, a ticket request
 * still proceeds but leaves no ticket-to-session mapping behind.
 */
@Test
public void tokenRequestFailsIfNoSession() {
    handler.setEagerlyCreateSessions(false);
    request.setSession(null);

    request.setParameter(ARTIFACT_PARAMETER_NAME, TICKET);
    request.setQueryString(ARTIFACT_PARAMETER_NAME + "=" + TICKET);

    final boolean proceed = handler.process(request, response);
    assertTrue(proceed);

    // Nothing was recorded for the ticket, so a later logout for it has no session to find.
    assertNull(handler.getSessionMappingStorage().removeSessionByMappingId(TICKET));
}
/**
 * Resolves the pre-authenticated principal through the superclass and, when one exists and
 * the request already has a session, moves the CAS assertion from the request into that
 * session and hands the request to the single sign-out handler.
 *
 * @param request the current request; its CAS assertion attribute is removed whenever no
 *                principal was resolved or the assertion was copied into the session
 * @return the principal resolved by the superclass, possibly {@code null}
 */
protected String getPreAuthenticatedPrincipal(HttpServletRequest request) {
    final String principal = super.getPreAuthenticatedPrincipal(request);
    // getSession(false): never create a session just to look for one.
    final HttpSession session = request.getSession(false);

    if (principal == null) {
        // No authenticated principal: do not leave an assertion on the request.
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        return principal;
    }

    if (session != null) {
        final Object assertion = request.getAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);
        session.setAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY, assertion);
        request.removeAttribute(GeoServerCasConstants.CAS_ASSERTION_KEY);

        // NOTE(review): the handler is given a null response and its return value is
        // ignored — confirm process() never writes to the response on this path.
        getHandler().process(request, null);
    }
    return principal;
}
/**
 * {@inheritDoc}
 * <p>
 * Starts the superclass first, then initializes the single sign-out handler, logging
 * before and after the handler initialization.
 */
protected void startInternal() throws LifecycleException {
    super.startInternal();

    logger.info("Starting...");
    // If init() throws, the completion message below is never logged.
    this.handler.init();
    logger.info("Startup completed.");
}
}
/**
 * When the request's servlet path equals the configured logout callback path, a
 * back-channel logout is handled: the request does not proceed and the session is
 * invalidated.
 */
@Test
public void backChannelLogoutRunsIfPathEqualsLogoutPath() {
    // Request path and configured callback path are deliberately the same value.
    request.setServletPath("/logout");
    handler.setLogoutCallbackPath("/logout");

    final MockHttpSession session = doBackChannelLogout();

    // false: the handler consumed the logout message rather than passing it on.
    final boolean proceed = handler.process(request, response);
    assertFalse(proceed);
    assertTrue(session.isInvalid());
}
/**
 * Replaces the session mapping storage used by the wrapped handler.
 *
 * @param storage the storage to hand to the handler; passed through unvalidated
 */
public void setSessionMappingStorage(final SessionMappingStorage storage) {
    // Pure delegation: the handler, not this class, owns the storage reference.
    this.handler.setSessionMappingStorage(storage);
}
/**
 * Forwards the logout callback path to the wrapped handler.
 *
 * @param logoutCallbackPath the path to hand to the handler; passed through unvalidated
 */
public void setLogoutCallbackPath(String logoutCallbackPath) {
    // NOTE(review): presumably limits which request path is treated as a logout
    // callback — verify against SingleSignOutHandler.
    this.handler.setLogoutCallbackPath(logoutCallbackPath);
}
/**
 * Forwards the CAS server URL prefix to the wrapped handler.
 *
 * @param casServerUrlPrefix the prefix to hand to the handler; passed through unvalidated
 */
public void setCasServerUrlPrefix(final String casServerUrlPrefix) {
    // Pure delegation: scheme and host of the prefix are not checked at this layer.
    this.handler.setCasServerUrlPrefix(casServerUrlPrefix);
}
/**
 * Forwards the relay-state parameter name to the wrapped handler.
 *
 * @param name the request parameter name to hand to the handler; passed through unvalidated
 */
public void setRelayStateParameterName(final String name) {
    // Pure delegation: no null or blank check happens at this layer.
    this.handler.setRelayStateParameterName(name);
}
/**
 * Initializes the superclass, applies the configured single sign-out settings unless init
 * configuration is ignored, then initializes the shared handler and marks it initialized.
 *
 * @param filterConfig the filter configuration, handed to the superclass
 * @throws ServletException declared by the filter contract
 */
public void init(final FilterConfig filterConfig) throws ServletException {
    super.init(filterConfig);

    final boolean readConfiguration = !isIgnoreInitConfiguration();
    if (readConfiguration) {
        // Request parameter names the handler looks for.
        setArtifactParameterName(getString(ConfigurationKeys.ARTIFACT_PARAMETER_NAME));
        setLogoutParameterName(getString(ConfigurationKeys.LOGOUT_PARAMETER_NAME));
        setRelayStateParameterName(getString(ConfigurationKeys.RELAY_STATE_PARAMETER_NAME));

        // Server location and logout callback path.
        setCasServerUrlPrefix(getString(ConfigurationKeys.CAS_SERVER_URL_PREFIX));
        setLogoutCallbackPath(getString(ConfigurationKeys.LOGOUT_CALLBACK_PATH));

        // Behaviour switches set directly on the shared handler.
        HANDLER.setArtifactParameterOverPost(getBoolean(ConfigurationKeys.ARTIFACT_PARAMETER_OVER_POST));
        HANDLER.setEagerlyCreateSessions(getBoolean(ConfigurationKeys.EAGERLY_CREATE_SESSIONS));
    }

    // The flag is raised only after init() has returned.
    HANDLER.init();
    handlerInitialized.set(true);
}
/**
 * A ticket value sent under a parameter other than the configured artifact parameter lets
 * the request proceed but must not be recorded against the session.
 */
@Test
public void tokenRequestFailsIfBadParameter() {
    final MockHttpSession session = new MockHttpSession();
    request.setSession(session);

    // Same ticket value, wrong parameter name.
    request.setParameter(ANOTHER_PARAMETER, TICKET);
    request.setQueryString(ANOTHER_PARAMETER + "=" + TICKET);

    final boolean proceed = handler.process(request, response);
    assertTrue(proceed);

    // The handler must ignore values that do not arrive under the configured name.
    assertNull(handler.getSessionMappingStorage().removeSessionByMappingId(TICKET));
}
/**
 * Looks up the {@link SessionMappingStorage} of the handler that
 * {@link SingleSignOutFilter} exposes statically.
 * <p>
 * The method is generally called lazily, so it is assumed to return the same storage
 * instance every time.
 *
 * @return the SessionMappingStorage
 */
protected static SessionMappingStorage getSessionMappingStorage() {
    // Resolved through the filter's handler on every call; nothing is cached here.
    return SingleSignOutFilter
            .getSingleSignOutHandler()
            .getSessionMappingStorage();
}
}
/**
 * {@inheritDoc}
 * <p>
 * Gives the single sign-out handler first look at the request and calls the next valve
 * only when the handler reports that the request should proceed.
 */
public void invoke(final Request request, final Response response) throws IOException, ServletException {
    final boolean proceed = this.handler.process(request, response);
    if (!proceed) {
        // The handler dealt with the request itself; later valves never see it.
        return;
    }
    getNext().invoke(request, response);
}
/**
 * {@inheritDoc}
 * <p>
 * Starts the superclass first, then initializes the single sign-out handler and logs
 * that startup has finished.
 */
public void start() throws LifecycleException {
    super.start();

    // If init() throws, the completion message below is never logged.
    this.handler.init();
    logger.info("Startup completed.");
}