Page Comparison

In Confluence, there are some paths that you really don't want to use with CAS. The SOAP/XML-RPC interface, for example is located at path /rpc. SOAP and XML-RPC client programs can't CAS-authenticate, so applying CAS to this path makes the API inaccessible. The Java servlet specification doesn't provide a means to apply a filter to all URLs except those matching a pattern. This makes it difficult to apply a filter like CASFilter to only some of the paths in Confluence. It seems unwise and manageable to try to identify all of the paths that should use CAS and apply the CASFilter only to those paths.

Providing an easy-to-configure CAS bypass capability was accomplished by subclassing CASFilter. The ConfluenceCasFilter provided in this package uses filter initialization parameters to identify paths (e.g. /rpc) that should bypass CAS. When a request is made for a URL that matches one of the defined bypass prefixes, ConfluenceCasFilter sets the CAS_FILTER_BYPASS attribute in the session context and bypasses the CASFilter. For all other requests, ConfluenceCasFilter delegates the real authentication work to CASFilter.