Class CASFilter

  • All Implemented Interfaces:
    javax.servlet.Filter

    public class CASFilter
    extends Object
    implements javax.servlet.Filter

    Protects web-accessible resources with CAS.

    The following filter initialization parameters are declared in web.xml:

    • edu.yale.its.tp.cas.client.filter.loginUrl: URL to login page on CAS server. (Required)
    • edu.yale.its.tp.cas.client.filter.validateUrl: URL to validation URL on CAS server. (Required)
    • edu.yale.its.tp.cas.client.filter.serviceUrl: URL of this service. (Required if serverName is not specified)
    • edu.yale.its.tp.cas.client.filter.serverName: full hostname with port number (e.g. www.foo.com:8080). Port number isn't required if it is standard (80 for HTTP, 443 for HTTPS). (Required if serviceUrl is not specified)
    • edu.yale.its.tp.cas.client.filter.authorizedProxy: whitespace-delimited list of valid proxies through which authentication may have proceeded. One one proxy must match. (Optional. If nothing is specified, the filter will only accept service tickets – not proxy tickets.)
    • edu.yale.its.tp.cas.client.filter.renew: value of CAS "renew" parameter. Bypasses single sign-on and requires user to provide CAS with his/her credentials again. (Optional. If nothing is specified, this defaults to false.)
    • edu.yale.its.tp.cas.client.filter.wrapRequest: wrap the HttpServletRequest object, overriding the getRemoteUser() method. When set to "true", request.getRemoteUser() will return the username of the currently logged-in CAS user. (Optional. If nothing is specified, this defaults to false.)

    The logged-in username is set in the session attribute defined by the value of CAS_FILTER_USER and may be accessed from within your application either by setting wrapRequest and calling request.getRemoteUser(), or by calling session.getAttribute(CASFilter.CAS_FILTER_USER).

    Author:
    Shawn Bayern
    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig config)
                  throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                             javax.servlet.ServletResponse response,
                             javax.servlet.FilterChain fc)
                      throws javax.servlet.ServletException,
                             IOException
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException
        IOException
      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter