Before you try to use the CASValidateFilter, consider whether the basic CASFilter would better suit your needs. CASFilter provides a standard distribution of the most frequently needed CASification behaviors for Java webapps.
...
In this case, the filter will perform ticket validation on the URL /webapp/Login if a service ticket is present. Unlike CASFilter, CASValidateFilter will just let the request right through without performing any CAS authentcation if a service ticket is not presented on the request.
...
init-param | usage |
|---|---|
edu.yale.its.tp.cas.client.filter.proxyCallbackUrl | to obtain a Proxy Granting Ticket and thereby have your application proxy authentication to other services, you'll need to specify an http: URL where you'd like PGT, PGTIOU pairs sent. This will typically be a URL you've mapped to an instance of the ProxyTicketReceptor servlet. |
edu.yale.its.tp.cas.client.filter.authorizedProxy | to allow the filter to accept proxy tickets, you need to specify valid proxies through which the authorization must have proceeded. This initialization parameter accepts a whitespace-delimited list of valid proxy URLs. Only one URL needs to match for the login to be successful. Note that if you do want to accept proxy tickets, you will have to change the validateUrl above to proxyValidate rather than serviceValidate |
edu.yale.its.tp.cas.client.filter.renew | if set to the string, true, this is the equivalent of authenticating a ticket with renew=true passed as a parameter. This may be used for high-security applications where the user must enter his/her credentials again before accessing the filtered URLs. |
edu.yale.its.tp.cas.client.filter.wrapRequest | if set to the string "true" the CASFilter will wrap the request such that calls to getRemoteUser() return the authenticated username. |
...