...
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.Session;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.pages.RedirectPage;
import org.apache.wicket.model.IModel;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.request.IRequestParameters;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.util.string.StringValue;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
/**
* Basic CAS authenticated web page for Wicket 1.5.2. <br/>
* Just import this class into your project. <br/>
* All CAS-protected ("cassified") pages have to extend this class.<br/>
* <br/>
*
* @author Alexandre de Pellegrin - ESSEC Business School
*
*/
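public class CasAuthenticatedWebPage extends WebPage {

    /** Session key which indicates if the user is already authenticated */
    private static final String SSO_FLAG_AUTHENTICATED = "SSO_FLAG_AUTHENTICATED";

    /** URL parameter to retrieve the CAS service ticket */
    private static final String SSO_TICKET_URL_PARAM = "ticket";

    /** Session key to get the currently authenticated user name */
    private static final String SSO_USER_NAME = "SSO_USER_NAME";

    /** Empty string used to turn the stored session value into a String in {@link #getUser()} */
    private static final String BLANK_STRING = "";

    /**
     * Your CAS server base URL. Don't forget to change it. Ex :
     * "https://my_cas_server/cas/". A trailing slash is optional.
     * <p>
     * Keep this an https URL: the ticket validation call and the login redirect both go to
     * this address. The field is public and mutable, so set it once at application start-up
     * and do not derive it from request data.
     */
    public static String SSO_CAS_BASE_URL = "https://my_cas_server/cas/";

    /**
     * Use CasAuthenticatedWebPage(PageParameters parameters) instead
     */
    @Deprecated
    public CasAuthenticatedWebPage() {
        super();
        // Not disabled: the service ticket is read from the current request cycle
        // (see getTicket()), not from PageParameters, so this constructor is still checked.
    }

    /**
     * Use CasAuthenticatedWebPage(PageParameters parameters) instead
     *
     * @param model the page model, passed to {@link WebPage}
     */
    @Deprecated
    public CasAuthenticatedWebPage(IModel<?> model) {
        super(model);
        // Not disabled: the service ticket is read from the current request cycle
        // (see getTicket()), not from PageParameters, so this constructor is still checked.
    }

    /**
     * Default constructor
     *
     * @param parameters the page parameters, passed to {@link WebPage}
     */
    public CasAuthenticatedWebPage(PageParameters parameters) {
        super(parameters);
    }

    /**
     * Enforces CAS authentication before the page renders: validates a service ticket when the
     * request carries one, otherwise sends unauthenticated users to the CAS login page.
     * <p>
     * NOTE(review): this check runs at render time only. Subclass constructors, and any
     * listener callbacks that Wicket dispatches before rendering, have presumably already
     * executed by then; confirm that none of them exposes or changes protected data.
     */
    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        if (isTicketToValidate()) {
            boolean isValidated = validateTicket();
            if (isValidated) {
                reloadPage();
                return;
            }
        }
        if (!isAuthenticated()) {
            redirectToLoginPage();
        }
    }

    /**
     * @return true if the user has already been authenticated on the CAS server
     */
    private boolean isAuthenticated() {
        Session session = getSession();
        Serializable value = session.getAttribute(SSO_FLAG_AUTHENTICATED);
        // Accept only the exact marker written by validateTicket(), not any non-null value.
        return Boolean.TRUE.equals(value);
    }

    /**
     * Redirect to the CAS login page
     */
    private void redirectToLoginPage() {
        String pageURL = getPagePublicURL();
        // The service URL is a query-parameter value and must be encoded, otherwise characters
        // such as '&' or '#' in it would be parsed as part of the login URL itself.
        String loginURL = casEndpoint("login") + "?service=" + encodeQueryValue(pageURL);
        RedirectPage redirectPage = new RedirectPage(loginURL);
        setResponsePage(redirectPage);
    }

    /**
     * Reload page without the service ticket to avoid multiple submit with the same ticket
     */
    private void reloadPage() {
        String pageURL = getPagePublicURL();
        RedirectPage redirectPage = new RedirectPage(pageURL);
        setResponsePage(redirectPage);
    }

    /**
     * @return the authenticated principal name; the literal string "null" when no user name is
     *         stored in the session, so callers must not treat the result as proof of
     *         authentication
     */
    public String getUser() {
        Session session = getSession();
        Serializable value = session.getAttribute(SSO_USER_NAME);
        return value + BLANK_STRING;
    }

    /**
     * @return true if there's a CAS service ticket in the current request
     */
    private boolean isTicketToValidate() {
        StringValue ticketValue = getTicket();
        return !ticketValue.isNull();
    }

    /**
     * @return the current CAS service ticket
     */
    private StringValue getTicket() {
        RequestCycle requestCycle = RequestCycle.get();
        Request request = requestCycle.getRequest();
        IRequestParameters queryParameters = request.getQueryParameters();
        StringValue ticketValue = queryParameters.getParameterValue(SSO_TICKET_URL_PARAM);
        return ticketValue;
    }

    /**
     * Validates the CAS service ticket on the CAS server and, on success, marks the session as
     * authenticated and stores the principal name in it.
     *
     * @return true if the ticket was accepted; false if the request has no ticket or the CAS
     *         server rejected it (in which case the session is invalidated)
     */
    private boolean validateTicket() {
        StringValue ticket = getTicket();
        if (ticket.isNull()) {
            return false;
        }
        String ticketValue = ticket.toString();
        String pageURL = getPagePublicURL();
        try {
            Cas20ServiceTicketValidator ticketValidator = new Cas20ServiceTicketValidator(SSO_CAS_BASE_URL);
            Assertion assertion = ticketValidator.validate(ticketValue, pageURL);
            AttributePrincipal principal = assertion.getPrincipal();
            String user = principal.getName();
            Session session = getSession();
            // NOTE(review): the session id is not changed on login, so an id fixed before
            // authentication stays valid afterwards. Consider Session#replaceSession() before
            // storing these attributes; confirm its behaviour on the Wicket version in use.
            session.setAttribute(SSO_FLAG_AUTHENTICATED, Boolean.TRUE);
            session.setAttribute(SSO_USER_NAME, user);
            return true;
        } catch (TicketValidationException e) {
            // A rejected ticket drops whatever state the session held.
            // NOTE(review): the failure is not logged; no logger is visible in this class.
            getSession().invalidate();
        }
        return false;
    }

    /**
     * @return the url of this page as seen by the browser
     */
    private String getPagePublicURL() {
        RequestCycle requestCycle = RequestCycle.get();
        ServletWebRequest servletWebRequest = (ServletWebRequest) requestCycle.getRequest();
        HttpServletRequest containerRequest = servletWebRequest.getContainerRequest();
        // NOTE(review): the container rebuilds this URL from the incoming request, presumably
        // including the Host header. It is used as the CAS "service" value, so the CAS server
        // should accept only the registered service URLs of this application.
        String requestURL = containerRequest.getRequestURL().toString();
        return requestURL;
    }

    /**
     * Joins {@link #SSO_CAS_BASE_URL} and a CAS endpoint name with exactly one slash, so a base
     * URL configured with a trailing slash does not produce "//login".
     */
    private static String casEndpoint(String endpoint) {
        String base = SSO_CAS_BASE_URL;
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }
        return base + "/" + endpoint;
    }

    /** URL-encodes a query-parameter value as UTF-8. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM is required to support.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}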