A poor man's diagram

HttpServletRequest
An HttpServletRequest addressed to the Logon Controller representing a request for authentication.

enters the

Logon Controller
Controller which examines the request and applies some logic.

Logon controller applies an

AuthenticationRequestBinder
Translates from an HttpServletRequest to an AuthenticationRequest.

import javax.servlet.http.HttpServletRequest;

/**
 * Interface for components that know how to extract from HttpServletRequest
 * whatever it is that constitutes actual arguments of the request for authentication.
 */
public interface AuthenticationRequestBinder {

    /**
     * Parse an HttpServletRequest and extract from it whatever it is that is necessary as input to the AuthenticationHandler
     * which will examine the request for authentication represented by the HttpServletRequest. Return an Object
     * encapsulating that extracted information.  Specific implementations will return specific objects which in turn specific
     * AuthenticationHandler implementations will expect and consume.
     * @param httpServletRequest the request to parse
     * @return an object representing the relevant information for the authentication request
     * @throws RuntimeException - indicates failure
     */
    Object authenticationRequestFromHttpServletRequest(HttpServletRequest httpServletRequest);

    /**
     * Returns true if authenticationRequestFromHttpServletRequest() will return an Object for the given
     * argument.  Returns false if this other method will throw a RuntimeException for the given argument.
     *
     * This method exists to allow a client of this class to efficiently determine whether it should use this
     * AuthenticationRequestBinder or whether doing so will only throw a costly exception.
     * @param httpServletRequest the request to check
     */
    boolean supports(HttpServletRequest httpServletRequest);

}
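As an added illustration (not code from this page or from the CAS project), here is one way a binder and the Logon Controller's selection step could honour the supports() contract. UsernamePasswordRequest, UsernamePasswordBinder, BinderSelector, the POST-only rule and the form parameter names username and password are all hypothetical; the AuthenticationRequestBinder interface above is assumed to be on the classpath.

```java
import java.util.List;
import javax.servlet.http.HttpServletRequest;

/** Hypothetical request object; under this design any plain Object would do. */
final class UsernamePasswordRequest {
    final String username;
    final char[] password;
    UsernamePasswordRequest(String username, char[] password) {
        this.username = username;
        this.password = password;
    }
}

/** Hypothetical binder for a login form POST; parameter names are assumptions. */
class UsernamePasswordBinder implements AuthenticationRequestBinder {

    public boolean supports(HttpServletRequest request) {
        // Assumed policy: accept credentials only from a POST, since values in a
        // GET query string end up in access logs and browser history.
        String user = request.getParameter("username");
        return "POST".equals(request.getMethod())
                && user != null && !user.trim().isEmpty()
                && request.getParameter("password") != null;
    }

    public Object authenticationRequestFromHttpServletRequest(HttpServletRequest request) {
        if (!supports(request)) {
            // Per the interface contract, failure is a RuntimeException; no credential values in the message.
            throw new IllegalArgumentException("no username/password credentials in request");
        }
        return new UsernamePasswordRequest(
                request.getParameter("username"),
                request.getParameter("password").toCharArray());
    }
}

/** Hypothetical selection step inside the Logon Controller. */
final class BinderSelector {
    /** Returns the object bound by the first supporting binder, or null if none applies. */
    static Object bind(List<AuthenticationRequestBinder> binders, HttpServletRequest request) {
        for (AuthenticationRequestBinder binder : binders) {
            if (binder.supports(request)) {
                return binder.authenticationRequestFromHttpServletRequest(request);
            }
        }
        return null; // no credentials presented; distinct from a failed authentication
    }
}
```

Because the bound object is a plain Object, the AuthenticationHandler that consumes it should check its type before casting rather than trust whichever binder ran.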

Once the Logon Controller has applied its AuthenticationRequestBinder, it has an AuthenticationRequest in hand. It then passes that AuthenticationRequest to an AuthenticationHandler, or, more generally, into the CAS engine, which will return a TicketGrantingTicket, a Cookie representation of which the Logon Controller will then store back into the user's browser. (The purpose of this page is to explore the path of the AuthenticationRequest more than to nail down exactly the Logon Controller implementation.)

So the AuthenticationRequest is an argument to the AuthenticationHandler:

AuthenticationHandler
An AuthenticationHandler examines an AuthenticationRequest and returns an AuthenticationResult which either indicates the authenticated Principal (and additional information about the successful authentication) or indicates an authentication failure (and additional information about the nature of the failure).

Our AuthenticationRequest has been transformed into an AuthenticationResult which CAS stores in the data associated with a GrantingTicket that it issues on the basis of this authentication.

Implementation notes

AuthenticationRequest, marker interfaces, and POJOs

I use the term AuthenticationRequest here in the interest of ubiquitous language and calling things what they are. I continue to prefer at an implementation level that we let these be just plain old Objects and not require that they implement a marker interface because doing so will allow a particular AuthenticationRequestBinder and AuthenticationHandler pair to agree to use any arbitrary Object one has lying around that meets the need and not have to wrap it with a CAS-specific AuthenticationHandler interface that adds no methods. My own preference. -~awp9
