Class CasAuthenticationProvider

java.lang.Object
org.springframework.security.cas.authentication.CasAuthenticationProvider
All Implemented Interfaces:
org.springframework.beans.factory.Aware, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware, AuthenticationProvider

public class CasAuthenticationProvider extends Object implements AuthenticationProvider, org.springframework.beans.factory.InitializingBean, org.springframework.context.MessageSourceAware
An AuthenticationProvider implementation that integrates with JA-SIG Central Authentication Service (CAS).

This AuthenticationProvider is capable of validating CasServiceTicketAuthenticationToken requests which contain a principal name equal to either CasServiceTicketAuthenticationToken.CAS_STATEFUL_IDENTIFIER or CasServiceTicketAuthenticationToken.CAS_STATELESS_IDENTIFIER. It can also validate a previously created CasAuthenticationToken.

  • Field Details

    • messages

      protected org.springframework.context.support.MessageSourceAccessor messages
  • Constructor Details

    • CasAuthenticationProvider

      public CasAuthenticationProvider()
  • Method Details

    • afterPropertiesSet

      public void afterPropertiesSet()
      Specified by:
      afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
    • authenticate

      public Authentication authenticate(Authentication authentication) throws AuthenticationException
      Description copied from interface: AuthenticationProvider
      Performs authentication with the same contract as AuthenticationManager.authenticate(Authentication) .
      Specified by:
      authenticate in interface AuthenticationProvider
      Parameters:
      authentication - the authentication request object.
      Returns:
      a fully authenticated object including credentials. May return null if the AuthenticationProvider is unable to support authentication of the passed Authentication object. In such a case, the next AuthenticationProvider that supports the presented Authentication class will be tried.
      Throws:
      AuthenticationException - if authentication fails.
    • loadUserByAssertion

      protected UserDetails loadUserByAssertion(org.apereo.cas.client.validation.Assertion assertion)
      Template method for retrieving the UserDetails based on the assertion. Default is to call configured userDetailsService and pass the username. Deployers can override this method and retrieve the user based on any criteria they desire.
      Parameters:
      assertion - The CAS Assertion.
      Returns:
      the UserDetails.
    • setUserDetailsService

      public void setUserDetailsService(UserDetailsService userDetailsService)
    • setAuthenticationUserDetailsService

      public void setAuthenticationUserDetailsService(AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService)
    • setUserDetailsChecker

      public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker)
      Sets the UserDetailsChecker to be used for checking the status of retrieved user details. This allows customization of the UserDetailsChecker implementation.
      Parameters:
      userDetailsChecker - the UserDetailsChecker to be set
      Since:
      6.4
    • setServiceProperties

      public void setServiceProperties(ServiceProperties serviceProperties)
    • getKey

      protected String getKey()
    • setKey

      public void setKey(String key)
    • getStatelessTicketCache

      public StatelessTicketCache getStatelessTicketCache()
    • getTicketValidator

      protected org.apereo.cas.client.validation.TicketValidator getTicketValidator()
    • setMessageSource

      public void setMessageSource(org.springframework.context.MessageSource messageSource)
      Specified by:
      setMessageSource in interface org.springframework.context.MessageSourceAware
    • setStatelessTicketCache

      public void setStatelessTicketCache(StatelessTicketCache statelessTicketCache)
    • setTicketValidator

      public void setTicketValidator(org.apereo.cas.client.validation.TicketValidator ticketValidator)
    • setAuthoritiesMapper

      public void setAuthoritiesMapper(GrantedAuthoritiesMapper authoritiesMapper)
    • supports

      public boolean supports(Class<?> authentication)
      Description copied from interface: AuthenticationProvider
      Returns true if this AuthenticationProvider supports the indicated Authentication object.

      Returning true does not guarantee an AuthenticationProvider will be able to authenticate the presented Authentication object. It simply indicates it can support closer evaluation of it. An AuthenticationProvider can still return null from the AuthenticationProvider.authenticate(Authentication) method to indicate another AuthenticationProvider should be tried.

      Selection of an AuthenticationProvider capable of performing authentication is conducted at runtime the ProviderManager.

      Specified by:
      supports in interface AuthenticationProvider
      Returns:
      true if the implementation can more closely evaluate the Authentication class presented