Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What Are Pre-Authentication Plugins?

Sometimes, you need to execute code before the authentication kicks in. An example of this would be confirming a CAPTCHA image.

In CAS3, the mechanism to do this was an AbstractPreAndPostProcessingAuthenticationHandler. The issue with that was that you had to code one for EACH authentication handler instead of the entire authentication process. In CAS4, that's been replaced with the notion of a PreAuthenticationPlugin:

Code Block
titlePreAuthenticationPlugin.java
borderStylesolid

/**
 * Copyright (C) 2009 Jasig, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.jasig.cas.server;

import org.jasig.cas.server.login.LoginRequest;
import org.jasig.cas.server.login.LoginResponse;
import org.jasig.cas.server.authentication.AuthenticationResponse;

/**
 * Defines actions that occur before authentication.
 * <p>
 * Replacement for the AbstractPreAndPostAuthenticationHandler.
 *
 * @author Scott Battaglia
 * @version $Revision$ $Date$
 * @since 4.0.0
 */
public interface PreAuthenticationPlugin {

    /**
     * Determines whether we should continue with authentication or not.
     *
     * @param loginRequest the login request, CANNOT be null.
     * @return a login response if we should stop processing.  NULL if we should continue.
     */
    LoginResponse continueWithAuthentication(LoginRequest loginRequest);
}

The PreAuthenticationPlugin executes before authentication executes. It allows you to do some action before authenticating, and then return before authentication executes.

Configuring Your Own

The DefaultCentralAuthenticationServiceImpl looks for any existing plugins via the Spring auto-wiring mechanism. If you have no concerns about specific ordering of plugins, you can configure your plugin in one of two ways:

  1. Use the @Component annotation on your plugin, which tells Spring to instanciate the object.
  2. Add a bean definition to your Spring XML configuration files.

In both cases, without explicitly telling the DefaultCentralAuthenticationServiceImpl, it will find and associate the appropriate plugins.