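// serviceParameterName - specifies the name of the request parameter in which to find the service (i.e. "service").

/**
 * Validates the ticket carried by the request, if there is one, and then lets the request continue.
 *
 * <p>Requests for which {@code preFilter} returns {@code false} are not processed any further.
 * When a non-blank ticket parameter is present it is validated through {@code ticketValidator};
 * on success the resulting assertion is stored on the request (and on the session when
 * {@code useSession} is set). On failure the response status is set to 403 and the chain is
 * not invoked.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
 * @param filterChain     the remaining filter chain
 * @throws IOException      if the redirect or a downstream filter fails with an I/O error
 * @throws ServletException if validation fails and {@code exceptionOnValidationFailure} is set,
 *                          or if a downstream filter throws it
 */
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {

    if (!preFilter(servletRequest, servletResponse, filterChain)) {
        return;
    }

    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());

    if (CommonUtils.isNotBlank(ticket)) {
        if (log.isDebugEnabled()) {
            // The ticket is taken from the request as-is; line breaks are replaced so that a
            // crafted value cannot start a forged entry in the debug log.
            log.debug("Attempting to validate ticket: " + ticket.replace('\r', '_').replace('\n', '_'));
        }

        try {
            final Assertion assertion = this.ticketValidator.validate(ticket, constructServiceUrl(request, response));

            if (log.isDebugEnabled()) {
                log.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
            }

            request.setAttribute(CONST_CAS_ASSERTION, assertion);

            if (this.useSession) {
                // NOTE(review): the assertion goes into whatever session the request already has
                // (or a newly created one); the session id is not rotated in this method. Confirm
                // that a pre-login session id cannot be reused after authentication.
                request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
            }

            onSuccessfulValidation(request, response, assertion);

            if (this.redirectAfterValidation) {
                // Presumably the service URL no longer carries the ticket parameter, which keeps
                // the ticket out of the URL the browser ends up on - confirm in constructServiceUrl.
                log.debug("Redirecting after successful ticket validation.");
                response.sendRedirect(constructServiceUrl(request, response));
                return;
            }
        } catch (final TicketValidationException e) {
            // Fail closed: the request is rejected and never reaches the protected resource.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            log.warn(e, e);
            onFailedValidation(request, response);

            if (this.exceptionOnValidationFailure) {
                throw new ServletException(e);
            }

            return;
        }
    }

    filterChain.doFilter(request, response);
}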
Before validation, one more step is needed: if the request parameters contain pgtId and pgtIou, the filter only needs to cache the mapping between pgtIou and pgtId.
/**
 * Intercepts proxy-receptor callbacks before ticket validation takes place.
 *
 * <p>A request is treated as a callback when {@code proxyReceptorUrl} is configured and the
 * request URI ends with it. This is a suffix match, so every URI with that ending is routed
 * to the receptor handling.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest}
 * @param servletResponse the outgoing response; cast to {@code HttpServletResponse}
 * @param filterChain     the filter chain (not used here)
 * @return {@code true} when normal filtering should continue, {@code false} when the request
 *         was handled as a proxy-receptor callback
 * @throws IOException      if writing the receptor response fails
 * @throws ServletException declared for overriding contracts; not thrown by this body
 */
protected final boolean preFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
        final FilterChain filterChain) throws IOException, ServletException {

    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    final String uri = httpRequest.getRequestURI();

    final boolean isReceptorCall =
            !CommonUtils.isEmpty(this.proxyReceptorUrl) && uri.endsWith(this.proxyReceptorUrl);

    if (isReceptorCall) {
        try {
            CommonUtils.readAndRespondToProxyReceptorRequest(httpRequest, httpResponse,
                    this.proxyGrantingTicketStorage);
        } catch (final RuntimeException failure) {
            // Record the failure, then let it propagate unchanged.
            log.error(failure.getMessage(), failure);
            throw failure;
        }

        return false;
    }

    return true;
}
/**
 * Handles a proxy-receptor callback: stores the pgtIou/pgtId pair and acknowledges it.
 *
 * <p>When either parameter is blank, an empty body is written and nothing is stored.
 * Otherwise the pair is saved in the given storage and a {@code proxySuccess} XML document
 * is written to the response.
 *
 * <p>NOTE(review): nothing in this method checks who sent the request; the stored pair is
 * only useful to a caller that later presents the matching IOU - confirm that the storage
 * expires entries that are never retrieved.
 *
 * @param request                    the callback request carrying the two parameters
 * @param response                   the response the acknowledgement is written to
 * @param proxyGrantingTicketStorage the store that keeps the IOU-to-ticket mapping
 * @throws IOException if the response writer cannot be obtained
 */
public static void readAndRespondToProxyReceptorRequest(final HttpServletRequest request,
        final HttpServletResponse response, final ProxyGrantingTicketStorage proxyGrantingTicketStorage)
        throws IOException {

    final String pgtIou = request.getParameter(PARAM_PROXY_GRANTING_TICKET_IOU);
    final String pgtId = request.getParameter(PARAM_PROXY_GRANTING_TICKET);

    final boolean pairComplete = CommonUtils.isNotBlank(pgtId) && CommonUtils.isNotBlank(pgtIou);

    if (pairComplete) {
        proxyGrantingTicketStorage.save(pgtIou, pgtId);

        response.getWriter().write("<?xml version=\"1.0\"?>");
        response.getWriter().write("<casClient:proxySuccess xmlns:casClient=\"http://www.yale.edu/tp/casClient\" />");
    } else {
        // Incomplete callback: reply with an empty body and store nothing.
        response.getWriter().write("");
    }
}
Verification class:
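/**
 * Builds the ticket validator from the filter's init parameters.
 *
 * <p>A proxy-ticket validator is created when either {@code acceptAnyProxy} or
 * {@code allowedProxyChains} is configured; otherwise a service-ticket validator is used.
 * Every init parameter that is not listed in {@code RESERVED_INIT_PARAMS} is handed to the
 * validator as a custom parameter.
 *
 * @param filterConfig the filter configuration the settings are read from
 * @return the configured validator
 */
protected final TicketValidator getTicketValidator(final FilterConfig filterConfig) {
    final String allowAnyProxy = getPropertyFromInitParams(filterConfig, "acceptAnyProxy", null);
    final String allowedProxyChains = getPropertyFromInitParams(filterConfig, "allowedProxyChains", null);
    final String casServerUrlPrefix = getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null);
    final Cas20ServiceTicketValidator validator;

    if (CommonUtils.isNotBlank(allowAnyProxy) || CommonUtils.isNotBlank(allowedProxyChains)) {
        // Proxy tickets are accepted. NOTE(review): acceptAnyProxy=true presumably skips the
        // allowedProxyChains check altogether; prefer an explicit chain list - confirm in
        // Cas20ProxyTicketValidator.
        final Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(casServerUrlPrefix);
        v.setAcceptAnyProxy(parseBoolean(allowAnyProxy));
        v.setAllowedProxyChains(CommonUtils.createProxyList(allowedProxyChains));
        validator = v;
    } else {
        // No proxy settings: the service-ticket validator is used.
        validator = new Cas20ServiceTicketValidator(casServerUrlPrefix);
    }

    validator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig, "proxyCallbackUrl", null));
    validator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
    validator.setProxyRetriever(new Cas20ProxyRetriever(casServerUrlPrefix,
            getPropertyFromInitParams(filterConfig, "encoding", null)));
    validator.setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
    validator.setEncoding(getPropertyFromInitParams(filterConfig, "encoding", null));

    final Map<String, String> additionalParameters = new HashMap<String, String>();
    final List<String> params = Arrays.asList(RESERVED_INIT_PARAMS);

    for (final Enumeration<?> e = filterConfig.getInitParameterNames(); e.hasMoreElements();) {
        final String s = (String) e.nextElement();

        // Init parameters the filter does not reserve for itself are forwarded to the validator.
        if (!params.contains(s)) {
            additionalParameters.put(s, filterConfig.getInitParameter(s));
        }
    }

    validator.setCustomParameters(additionalParameters);
    // NOTE(review): the verifier chosen here presumably governs hostname checks on the HTTPS
    // call to the CAS server - confirm which implementation the deployment configures.
    validator.setHostnameVerifier(getHostnameVerifier(filterConfig));

    return validator;
}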
Verification process:
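/**
 * Validates a ticket against the CAS server and returns the resulting assertion.
 *
 * @param ticket  the ticket presented by the client; treated as untrusted input
 * @param service the service URL the ticket is validated for
 * @return the assertion parsed from the server's response
 * @throws TicketValidationException if the validation URL is malformed, the server returns
 *         no response, or the response does not yield an assertion
 */
public Assertion validate(final String ticket, final String service) throws TicketValidationException {
    final String validationUrl = constructValidationUrl(ticket, service);

    try {
        final String serverResponse = retrieveResponseFromServer(new URL(validationUrl), ticket);

        if (serverResponse == null) {
            throw new TicketValidationException("The CAS server returned no response.");
        }

        return parseResponseFromServer(serverResponse);
    } catch (final MalformedURLException e) {
        throw new TicketValidationException(e);
    }
}

/**
 * Builds the URL of the validation request sent to the CAS server.
 *
 * <p>The query string is assembled from the ticket, the service URL, the optional
 * {@code renew} flag, whatever {@code populateUrlAttributeMap} and {@code customParameters}
 * contribute, and the proxy callback URL. Parameters whose value is {@code null} are left out.
 *
 * @param ticket     the ticket to validate
 * @param serviceUrl the service URL the ticket is validated for
 * @return the complete validation URL
 */
protected final String constructValidationUrl(final String ticket, final String serviceUrl) {
    final Map<String, String> urlParameters = new HashMap<String, String>();

    // The ticket comes from the client, so it is encoded like the service URL. Appended raw,
    // reserved characters such as '&' or '#' in it would change the query the CAS server
    // receives. encodeUrl is also applied to the possibly unset proxyCallbackUrl below, so it
    // is assumed to tolerate null - confirm.
    urlParameters.put("ticket", encodeUrl(ticket));
    urlParameters.put("service", encodeUrl(serviceUrl));

    if (this.renew) {
        urlParameters.put("renew", "true");
    }

    populateUrlAttributeMap(urlParameters);

    // Values added by populateUrlAttributeMap and customParameters are appended as they are;
    // they are expected to be URL-safe already.
    if (this.customParameters != null) {
        urlParameters.putAll(this.customParameters);
    }

    urlParameters.put("pgtUrl", encodeUrl(this.proxyCallbackUrl));

    final String suffix = getUrlSuffix();
    final StringBuilder buffer = new StringBuilder(
            urlParameters.size() * 10 + this.casServerUrlPrefix.length() + suffix.length() + 1);

    int i = 0;

    buffer.append(this.casServerUrlPrefix);
    if (!this.casServerUrlPrefix.endsWith("/")) {
        buffer.append("/");
    }
    buffer.append(suffix);

    for (Map.Entry<String, String> entry : urlParameters.entrySet()) {
        final String key = entry.getKey();
        final String value = entry.getValue();

        if (value != null) {
            // The first emitted parameter is introduced by '?', every later one by '&'.
            buffer.append(i++ == 0 ? "?" : "&");
            buffer.append(key);
            buffer.append("=");
            buffer.append(value);
        }
    }

    return buffer.toString();
}

/**
 * Turns the CAS server's validation response into an assertion.
 *
 * <p>A non-blank {@code authenticationFailure} element or a missing {@code user} element
 * rejects the response. The text of the {@code proxyGrantingTicket} element is used as the
 * IOU to look up the real proxy-granting ticket in the storage, when a storage is configured.
 *
 * @param response the raw response body returned by the CAS server
 * @return the assertion for the authenticated principal
 * @throws TicketValidationException if the server reported a failure or named no principal
 */
protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    final String error = XmlUtils.getTextForElement(response, "authenticationFailure");

    if (CommonUtils.isNotBlank(error)) {
        throw new TicketValidationException(error);
    }

    final String principal = XmlUtils.getTextForElement(response, "user");
    final String proxyGrantingTicketIou = XmlUtils.getTextForElement(response, "proxyGrantingTicket");
    // The response only carries the IOU; the ticket itself is looked up in the storage.
    final String proxyGrantingTicket = this.proxyGrantingTicketStorage != null
            ? this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou)
            : null;

    if (CommonUtils.isEmpty(principal)) {
        throw new TicketValidationException("No principal was found in the response from the CAS server.");
    }

    final Assertion assertion;
    final Map<String, Object> attributes = extractCustomAttributes(response);

    if (CommonUtils.isNotBlank(proxyGrantingTicket)) {
        // With a proxy-granting ticket, the principal is built with the ticket and the proxy retriever.
        final AttributePrincipal attributePrincipal =
                new AttributePrincipalImpl(principal, attributes, proxyGrantingTicket, this.proxyRetriever);
        assertion = new AssertionImpl(attributePrincipal);
    } else {
        assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
    }

    customParseResponse(response, assertion);

    return assertion;
}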