...
To fully understand a gateway request, see http://www.ja-sigjasig.org/products/cas/client-integration/gateway/index.html
Configuration of Filters
Assuming you have a standard web site layout, with protected and unprotected areas, you will need two authentication filters and one validation filter.
...
- web.xml - defines your web container.
- securityConfiguration.xml - defines the Spring beans.
```xml
...
<filter>
    <filter-name>Gateway Authentication Filter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <!-- must match the bean id in securityConfiguration.xml -->
        <param-value>casGatewayAuthenticationFilter</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>casNonGatewayAuthenticationFilter</param-value>
    </init-param>
</filter>
<filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
    <init-param>
        <param-name>targetBeanName</param-name>
        <param-value>casValidationFilter</param-value>
    </init-param>
</filter>
...
<!-- Gateway Authentication Filter -->
<filter-mapping>
    <filter-name>Gateway Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Non-Gateway Authentication Filter -->
<filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/protected/*</url-pattern>
</filter-mapping>
<!-- Validation Filter -->
<filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
...
```
```xml
...
<!-- Gateway Authentication Filter Bean -->
<bean id="casGatewayAuthenticationFilter"
      class="org.jasig.cas.client.web.filter.AuthenticationFilter">
    <!-- serverName of client to construct serviceURL eg:"thisServer.myDomain.net" -->
    <constructor-arg index="0" value="${cas.client.serverName}"/>
    <!-- serviceUrl of client: either provide serverName or serviceUrl -->
    <constructor-arg index="1">
        <null/>
    </constructor-arg>
    <!-- CAS server loginUrl -->
    <constructor-arg index="2" value="${cas.server.url}login"/>
    <!-- renew? -->
    <constructor-arg index="3" value="false"/>
    <!-- gateway? -->
    <constructor-arg index="4" value="true"/>
</bean>

<!-- Non-Gateway Authentication Filter Bean -->
<bean id="casNonGatewayAuthenticationFilter"
      class="org.jasig.cas.client.web.filter.AuthenticationFilter">
    <!-- serverName of client to construct serviceURL eg:"thisServer.myDomain.net" -->
    <constructor-arg index="0" value="${cas.client.serverName}"/>
    <!-- serviceUrl of client: either provide serverName or serviceUrl -->
    <constructor-arg index="1">
        <null/>
    </constructor-arg>
    <!-- CAS server loginUrl -->
    <constructor-arg index="2" value="${cas.server.url}login"/>
    <!-- renew? -->
    <constructor-arg index="3" value="false"/>
    <!-- gateway? -->
    <constructor-arg index="4" value="false"/>
</bean>

<!-- Validation Filter Bean -->
<bean id="casValidationFilter"
      class="org.jasig.cas.client.web.filter.TicketValidationFilter">
    <constructor-arg index="0" value="${cas.client.serverName}"/>
    <constructor-arg index="1">
        <null/>
    </constructor-arg>
    <constructor-arg index="2" value="true"/>
    <!-- ticketValidator implementation (defines protocol version to be used) -->
    <constructor-arg index="3" ref="ticketValidator"/>
    <constructor-arg index="4" value="true"/>
</bean>
...
```
...
A simplistic view of a gateway call when the user does not have a valid CAS session.
A simplistic view of a gateway call when the user does have a valid CAS session.
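
The two cases captioned above, combined with the filter mappings from web.xml, can be traced with the following added example. It is a simplified model and not code from the CAS client or from this page. The host names, the `Session` class, the once-per-session `gatewayTried` marker and the assumption that any returned ticket validates are all illustrative.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Simplified model (not the CAS client source) of how the two AuthenticationFilter
// beans configured above decide what to do with a request.
public class GatewayFlowDemo {
    static final String LOGIN_URL = "https://cas.example.org/cas/login"; // placeholder for ${cas.server.url}login
    static final String SERVER = "https://app.example.org";              // placeholder for ${cas.client.serverName}

    // Per-browser state the client keeps in the HTTP session (hypothetical class).
    static class Session { boolean hasAssertion; boolean gatewayTried; }

    // Decision of one authentication filter; "gateway" mirrors constructor-arg index 4.
    static String authFilter(boolean gateway, Session s, String path, String ticket) {
        if (s.hasAssertion || ticket != null) return "CONTINUE"; // logged in, or ticket awaiting validation
        if (gateway && s.gatewayTried) return "CONTINUE";        // CAS had no session: serve anonymously
        if (gateway) s.gatewayTried = true;                      // remember the attempt to avoid a redirect loop
        String service = URLEncoder.encode(SERVER + path, StandardCharsets.UTF_8);
        return "REDIRECT " + LOGIN_URL + "?service=" + service + (gateway ? "&gateway=true" : "");
    }

    // Applies the filter mappings: gateway filter on /*, non-gateway filter on /protected/*.
    static String handle(Session s, String path, String ticket) {
        String r = authFilter(true, s, path, ticket);
        if (r.equals("CONTINUE") && path.startsWith("/protected/"))
            r = authFilter(false, s, path, ticket);
        // Validation filter on /*: the ticket is assumed valid in this model.
        if (r.equals("CONTINUE") && ticket != null) s.hasAssertion = true;
        return r;
    }

    public static void main(String[] args) {
        Session anon = new Session(); // user without a CAS session
        System.out.println(handle(anon, "/index.html", null));  // redirect with gateway=true
        System.out.println(handle(anon, "/index.html", null));  // CAS sent no ticket back: continue anonymously
        System.out.println(handle(anon, "/protected/a", null)); // redirect without gateway: login form

        Session sso = new Session();  // user with a CAS session
        System.out.println(handle(sso, "/index.html", null));             // redirect with gateway=true
        System.out.println(handle(sso, "/index.html", "ST-constructed")); // CAS sent a ticket: validated
        System.out.println(handle(sso, "/protected/a", null));            // assertion in session: continue
    }
}
```

The gateway filter never blocks a request in this model, so access control for `/protected/*` rests entirely on the non-gateway filter mapping.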