Apache Wicket CAS Client
Basic CAS client built on Apache Wicket 1.5.2. It handles authentication only; it does not provide an authorization strategy. Pages that require CAS authentication simply extend this class.
import java.io.Serializable;
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.Session;import org.apache.wicket.WicketRuntimeException;import org.apache.wicket.markup.html.WebPage;import org.apache.wicket.markup.html.pages.RedirectPage;import org.apache.wicket.model.IModel;import org.apache.wicket.protocol.http.servlet.ServletWebRequest;import org.apache.wicket.request.IRequestParameters;import org.apache.wicket.request.Request;import org.apache.wicket.request.cycle.RequestCycle;import org.apache.wicket.request.mapper.parameter.PageParameters;import org.apache.wicket.util.string.StringValue;import org.jasig.cas.client.authentication.AttributePrincipal;import org.jasig.cas.client.validation.Assertion;import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;import org.jasig.cas.client.validation.TicketValidationException;
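/**
 * Basic CAS-authenticated web page for Wicket 1.5.2.
 * <p>
 * Import this class into your project and let every page that must be protected by CAS extend
 * it. Only authentication is handled; no authorization strategy is provided.
 * <p>
 * The authentication check runs in {@link #onBeforeRender()}, i.e. after the page has been
 * constructed. NOTE(review): subclass constructors therefore run before the user is known to
 * be authenticated, so they should not do privileged work. {@code setResponsePage} is used to
 * send the browser to CAS; confirm for your Wicket configuration that the protected markup is
 * not delivered to an unauthenticated request.
 *
 * @author Alexandre de Pellegrin - ESSEC Business School
 */
public class CasAuthenticatedWebPage extends WebPage {

    /** Session key which indicates if the user is already authenticated. */
    private static final String SSO_FLAG_AUTHENTICATED = "SSO_FLAG_AUTHENTICATED";

    /** URL parameter used to retrieve the CAS service ticket. */
    private static final String SSO_TICKET_URL_PARAM = "ticket";

    /** Session key under which the authenticated user name is stored. */
    private static final String SSO_USER_NAME = "SSO_USER_NAME";

    /** Empty string used to turn the stored user attribute into a String. */
    private static final String BLANK_STRING = "";

    /** Character encoding used when the service URL is placed in the login query string. */
    private static final String URL_ENCODING = "UTF-8";

    /**
     * Your CAS server base URL. Don't forget to change it. Ex: "https://my_cas_server/cas/".
     * <p>
     * The same value is used for the login redirect and for ticket validation. It should be an
     * https URL: the validation response decides who the user is, so it must not travel over a
     * channel that can be tampered with.
     */
    public static String SSO_CAS_BASE_URL = "https://my_cas_server/cas/";

    /**
     * Use {@link #CasAuthenticatedWebPage(PageParameters)} instead.
     */
    @Deprecated
    public CasAuthenticatedWebPage() {
        super();
        // Still callable: the author left a WicketRuntimeException ("constructor disabled")
        // commented out here rather than enforcing it.
    }

    /**
     * Use {@link #CasAuthenticatedWebPage(PageParameters)} instead.
     *
     * @param model the page model, passed straight to {@link WebPage}
     */
    @Deprecated
    public CasAuthenticatedWebPage(IModel<?> model) {
        super(model);
        // Still callable: the author left a WicketRuntimeException ("constructor disabled")
        // commented out here rather than enforcing it.
    }

    /**
     * Default constructor.
     *
     * @param parameters the page parameters, passed straight to {@link WebPage}
     */
    public CasAuthenticatedWebPage(PageParameters parameters) {
        super(parameters);
    }

    /**
     * Runs the CAS handshake before the page is rendered: a ticket found in the request is
     * validated first and, on success, the page is reloaded without it; otherwise a request
     * without an authenticated session is sent to the CAS login page.
     * <p>
     * NOTE(review): a ticket parameter is validated even when the session is already
     * authenticated, and a failed validation invalidates that session. Decide whether a link
     * carrying a bogus ticket should be able to end an existing login.
     */
    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        if (isTicketToValidate() && validateTicket()) {
            reloadPage();
            return;
        }
        if (!isAuthenticated()) {
            redirectToLoginPage();
        }
    }

    /**
     * @return true if the user has already been authenticated on the CAS server
     */
    private boolean isAuthenticated() {
        Serializable flag = getSession().getAttribute(SSO_FLAG_AUTHENTICATED);
        return flag != null;
    }

    /**
     * Redirect to the CAS login page, passing this page's URL as the {@code service} parameter.
     * <p>
     * The service URL is percent-encoded so that it stays a single query value, and a trailing
     * slash on {@link #SSO_CAS_BASE_URL} no longer produces a double slash before "login".
     */
    private void redirectToLoginPage() {
        String loginUrl = casBaseUrlWithoutTrailingSlash() + "/login?service="
                + encodeQueryValue(getPagePublicURL());
        setResponsePage(new RedirectPage(loginUrl));
    }

    /**
     * Reload page without the service ticket to avoid multiple submit with the same ticket.
     */
    private void reloadPage() {
        setResponsePage(new RedirectPage(getPagePublicURL()));
    }

    /**
     * @return the authenticated principal name; because the stored attribute is concatenated
     *         with an empty string, the literal text "null" is returned when no user name has
     *         been stored in the session
     */
    public String getUser() {
        Serializable storedName = getSession().getAttribute(SSO_USER_NAME);
        return storedName + BLANK_STRING;
    }

    /**
     * @return true if there's a non-empty CAS service ticket in the current request
     */
    private boolean isTicketToValidate() {
        // An empty "ticket=" can never validate; treating it as absent avoids a pointless
        // round trip to the CAS server and the session invalidation that follows a failure.
        return !getTicket().isEmpty();
    }

    /**
     * @return the current CAS service ticket, read from the query parameters of the request
     */
    private StringValue getTicket() {
        IRequestParameters queryParameters = RequestCycle.get().getRequest().getQueryParameters();
        return queryParameters.getParameterValue(SSO_TICKET_URL_PARAM);
    }

    /**
     * Validates the CAS service ticket on the CAS server.
     * <p>
     * On success the user name from the assertion is stored in a freshly replaced session; on a
     * validation failure the current session is invalidated.
     *
     * @return true if the ticket was accepted by the CAS server, false if there was no usable
     *         ticket or validation failed
     */
    private boolean validateTicket() {
        StringValue ticket = getTicket();
        if (ticket.isEmpty()) {
            return false;
        }
        String ticketValue = ticket.toString();
        String pageURL = getPagePublicURL();
        try {
            Cas20ServiceTicketValidator ticketValidator =
                    new Cas20ServiceTicketValidator(SSO_CAS_BASE_URL);
            Assertion assertion = ticketValidator.validate(ticketValue, pageURL);
            AttributePrincipal principal = assertion.getPrincipal();
            String user = principal.getName();

            Session session = getSession();
            // Renew the underlying session before marking it authenticated, so a session id
            // that was known before login does not become an authenticated one (session
            // fixation). Attributes are written after the replacement on purpose.
            session.replaceSession();
            session.setAttribute(SSO_FLAG_AUTHENTICATED, Boolean.TRUE);
            session.setAttribute(SSO_USER_NAME, user);
            return true;
        } catch (TicketValidationException e) {
            // The failure is not logged here; the session is dropped and the caller falls
            // through to the login redirect.
            getSession().invalidate();
        }
        return false;
    }

    /**
     * @return the url of this page as seen by the browser, without the query string
     */
    private String getPagePublicURL() {
        // NOTE(review): the servlet container reconstructs this URL from the incoming request.
        // Behind a reverse proxy, or if the container trusts a client-supplied host, it may not
        // be the real public URL; this value is used as the CAS service and as a redirect
        // target, so consider a configured public base URL and a CAS-side service allow list.
        ServletWebRequest servletWebRequest = (ServletWebRequest) RequestCycle.get().getRequest();
        HttpServletRequest containerRequest = servletWebRequest.getContainerRequest();
        return containerRequest.getRequestURL().toString();
    }

    /** Returns {@link #SSO_CAS_BASE_URL} with any trailing slashes removed. */
    private static String casBaseUrlWithoutTrailingSlash() {
        String base = SSO_CAS_BASE_URL;
        if (base == null) {
            throw new WicketRuntimeException("SSO_CAS_BASE_URL is not configured");
        }
        while (base.endsWith("/")) {
            base = base.substring(0, base.length() - 1);
        }
        return base;
    }

    /** Percent-encodes a value for use inside a URL query string. */
    private static String encodeQueryValue(String value) {
        try {
            return java.net.URLEncoder.encode(value, URL_ENCODING);
        } catch (java.io.UnsupportedEncodingException e) {
            throw new WicketRuntimeException(URL_ENCODING + " is not supported by this JVM", e);
        }
    }
}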