
Basic CAS client developed on Apache Wicket 1.5.2. It only handles authentication (it does not provide an authorization strategy). Pages that require CAS authentication just have to extend this class.

 

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import org.apache.wicket.Session;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.pages.RedirectPage;
import org.apache.wicket.model.IModel;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.request.IRequestParameters;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.request.mapper.parameter.PageParameters;
import org.apache.wicket.util.string.StringValue;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
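/**
 * Basic CAS-authenticated web page for Wicket 1.5.2.
 *
 * <p>Import this class into your project and let every page that must be
 * protected by CAS extend it. The class only performs authentication: it
 * validates the CAS service ticket and records the principal name in the
 * Wicket session. It does not implement any authorization strategy.
 *
 * <p>Flow, as implemented in {@link #onBeforeRender()}:
 * <ol>
 * <li>If the request carries a {@code ticket} query parameter, the ticket is
 * validated against the CAS server and, on success, the browser is redirected
 * to the same page without the ticket.</li>
 * <li>Otherwise, if the session carries no authentication flag, the browser is
 * redirected to the CAS login page.</li>
 * </ol>
 *
 * @author Alexandre de Pellegrin - ESSEC Business School
 */
public class CasAuthenticatedWebPage extends WebPage {

    /** Session key which indicates if the user is already authenticated. */
    private static final String SSO_FLAG_AUTHENTICATED = "SSO_FLAG_AUTHENTICATED";

    /** URL parameter used to retrieve the CAS service ticket. */
    private static final String SSO_TICKET_URL_PARAM = "ticket";

    /** Session key holding the currently authenticated user name. */
    private static final String SSO_USER_NAME = "SSO_USER_NAME";

    /** Appended in {@link #getUser()} to convert the session value to a String. */
    private static final String BLANK_STRING = "";

    /** Character encoding used to escape the service URL sent to the CAS server. */
    private static final String URL_ENCODING = "UTF-8";

    /**
     * Your CAS server base URL. Don't forget to change it.
     * Example: {@code https://my_cas_server/cas/}
     *
     * <p>This field is public and mutable so that the application can configure
     * it. Every ticket is validated against this URL, so it decides which server
     * is trusted to authenticate users: set it once at start-up, keep it on
     * HTTPS, and never derive it from request data.
     */
    public static String SSO_CAS_BASE_URL = "https://my_cas_server/cas/";

    /**
     * Use {@link #CasAuthenticatedWebPage(PageParameters)} instead.
     *
     * <p>Kept for compatibility. The original author considered disabling this
     * constructor because the service ticket has to be read back from the CAS
     * server redirect.
     */
    @Deprecated
    public CasAuthenticatedWebPage() {
        super();
    }

    /**
     * Use {@link #CasAuthenticatedWebPage(PageParameters)} instead.
     *
     * <p>Kept for compatibility. The original author considered disabling this
     * constructor because the service ticket has to be read back from the CAS
     * server redirect.
     *
     * @param model the page model, passed to {@link WebPage}
     */
    @Deprecated
    public CasAuthenticatedWebPage(IModel<?> model) {
        super(model);
    }

    /**
     * Default constructor.
     *
     * @param parameters the page parameters, passed to {@link WebPage}
     */
    public CasAuthenticatedWebPage(PageParameters parameters) {
        super(parameters);
    }

    /**
     * Enforces CAS authentication before the page is rendered.
     *
     * <p>NOTE(review): {@code setResponsePage()} does not throw, so this method
     * returns normally after the redirect has been scheduled. Confirm for your
     * Wicket version that no protected markup reaches an unauthenticated client
     * and that child components have no side effects when prepared for rendering.
     */
    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        if (isTicketToValidate() && validateTicket()) {
            // Drop the one-time ticket from the URL before showing the page.
            reloadPage();
            return;
        }
        if (!isAuthenticated()) {
            redirectToLoginPage();
        }
    }

    /**
     * @return true if the user has already been authenticated on the CAS server
     */
    private boolean isAuthenticated() {
        Serializable flag = getSession().getAttribute(SSO_FLAG_AUTHENTICATED);
        // Only the exact value stored by validateTicket() counts as authenticated.
        return Boolean.TRUE.equals(flag);
    }

    /**
     * Redirects to the CAS login page, passing this page as the service URL.
     */
    private void redirectToLoginPage() {
        String loginUrl = buildLoginUrl(SSO_CAS_BASE_URL, getPagePublicURL());
        setResponsePage(new RedirectPage(loginUrl));
    }

    /**
     * Builds the CAS login URL for the given service.
     *
     * <p>The service URL is percent-encoded so that characters such as
     * {@code &} or {@code #} in it cannot add or truncate parameters of the
     * login URL. A trailing slash on the base URL is dropped so that the
     * documented default does not produce {@code .../cas//login}.
     *
     * @param casBaseUrl the CAS server base URL, with or without a trailing slash
     * @param serviceUrl the URL the CAS server must redirect back to
     * @return the complete login URL
     * @throws WicketRuntimeException if the JVM does not support UTF-8
     */
    private static String buildLoginUrl(String casBaseUrl, String serviceUrl) {
        String base = casBaseUrl.endsWith("/")
                ? casBaseUrl.substring(0, casBaseUrl.length() - 1)
                : casBaseUrl;
        try {
            return base + "/login?service=" + URLEncoder.encode(serviceUrl, URL_ENCODING);
        } catch (UnsupportedEncodingException e) {
            throw new WicketRuntimeException("Unable to encode the CAS service URL", e);
        }
    }

    /**
     * Reloads the page without the service ticket to avoid multiple submits
     * with the same ticket.
     */
    private void reloadPage() {
        setResponsePage(new RedirectPage(getPagePublicURL()));
    }

    /**
     * Returns the name stored in the session by the last successful ticket
     * validation.
     *
     * @return the authenticated principal name; the literal string
     *         {@code "null"} when the session holds no user name, because the
     *         session value is converted by string concatenation
     */
    public String getUser() {
        Serializable value = getSession().getAttribute(SSO_USER_NAME);
        return value + BLANK_STRING;
    }

    /**
     * @return true if there's a CAS service ticket in the current request
     */
    private boolean isTicketToValidate() {
        return !getTicket().isNull();
    }

    /**
     * @return the current CAS service ticket, read from the query string
     */
    private StringValue getTicket() {
        Request request = RequestCycle.get().getRequest();
        IRequestParameters queryParameters = request.getQueryParameters();
        return queryParameters.getParameterValue(SSO_TICKET_URL_PARAM);
    }

    /**
     * Validates the CAS service ticket on the CAS server and, on success,
     * marks the session as authenticated.
     *
     * @return true if the CAS server accepted the ticket; false if there is no
     *         ticket or validation failed (the session is invalidated in the
     *         latter case)
     */
    private boolean validateTicket() {
        StringValue ticket = getTicket();
        if (ticket.isNull()) {
            return false;
        }
        String ticketValue = ticket.toString();
        // Must be the same service URL that was sent to the login page.
        String pageURL = getPagePublicURL();
        try {
            Cas20ServiceTicketValidator ticketValidator =
                    new Cas20ServiceTicketValidator(SSO_CAS_BASE_URL);
            Assertion assertion = ticketValidator.validate(ticketValue, pageURL);
            AttributePrincipal principal = assertion.getPrincipal();
            String user = principal.getName();
            Session session = getSession();
            // Session fixation defence: swap the underlying HTTP session before
            // storing the authenticated state, so a session id that was known
            // before login is not carried over into the authenticated session.
            session.replaceSession();
            session.setAttribute(SSO_FLAG_AUTHENTICATED, Boolean.TRUE);
            session.setAttribute(SSO_USER_NAME, user);
            return true;
        } catch (TicketValidationException e) {
            // A rejected ticket ends the current session; the caller then falls
            // through to the authentication check.
            getSession().invalidate();
        }
        return false;
    }

    /**
     * Returns the request URL reported by the servlet container, without the
     * query string (so without the service ticket).
     *
     * <p>NOTE(review): this value is used as the CAS service URL and as a
     * redirect target. It is reconstructed by the container from the incoming
     * request, presumably including the Host header; behind a reverse proxy, or
     * where the Host header is not validated, confirm it matches the public
     * URL, or build it from a configured base URL instead.
     *
     * @return the url of this page as seen by the browser
     */
    private String getPagePublicURL() {
        ServletWebRequest servletWebRequest = (ServletWebRequest) RequestCycle.get().getRequest();
        HttpServletRequest containerRequest = servletWebRequest.getContainerRequest();
        return containerRequest.getRequestURL().toString();
    }
}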