You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2016/07/18 17:08:34 UTC
[2/2] shiro git commit: SHIRO-571: Removed shiro-cas classes module
SHIRO-571: Removed shiro-cas classes module
Support for CAS has move to: https://github.com/bujiio/buji-pac4j
Project: http://git-wip-us.apache.org/repos/asf/shiro/repo
Commit: http://git-wip-us.apache.org/repos/asf/shiro/commit/fcc6613c
Tree: http://git-wip-us.apache.org/repos/asf/shiro/tree/fcc6613c
Diff: http://git-wip-us.apache.org/repos/asf/shiro/diff/fcc6613c
Branch: refs/heads/master
Commit: fcc6613c719f75e22c3332ec19e5bc8f38089b50
Parents: eb71da4
Author: Brian Demers <bd...@apache.org>
Authored: Mon Jul 18 13:03:35 2016 -0400
Committer: Brian Demers <bd...@apache.org>
Committed: Mon Jul 18 13:03:35 2016 -0400
----------------------------------------------------------------------
support/cas/pom.xml | 89 ------
.../shiro/cas/CasAuthenticatedUserFilter.java | 52 ----
.../shiro/cas/CasAuthenticationException.java | 43 ---
.../java/org/apache/shiro/cas/CasFilter.java | 153 ---------
.../java/org/apache/shiro/cas/CasRealm.java | 310 -------------------
.../org/apache/shiro/cas/CasSubjectFactory.java | 56 ----
.../java/org/apache/shiro/cas/CasToken.java | 64 ----
.../org/apache/shiro/cas/CasRealmTest.groovy | 173 -----------
.../org/apache/shiro/cas/CasTokenTest.groovy | 46 ---
.../shiro/cas/MockServiceTicketValidator.groovy | 57 ----
support/pom.xml | 1 -
11 files changed, 1044 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/pom.xml
----------------------------------------------------------------------
diff --git a/support/cas/pom.xml b/support/cas/pom.xml
deleted file mode 100644
index 659f97a..0000000
--- a/support/cas/pom.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- ~ Licensed to the Apache Software Foundation (ASF) under one
- ~ or more contributor license agreements. See the NOTICE file
- ~ distributed with this work for additional information
- ~ regarding copyright ownership. The ASF licenses this file
- ~ to you under the Apache License, Version 2.0 (the
- ~ "License"); you may not use this file except in compliance
- ~ with the License. You may obtain a copy of the License at
- ~
- ~ http://www.apache.org/licenses/LICENSE-2.0
- ~
- ~ Unless required by applicable law or agreed to in writing,
- ~ software distributed under the License is distributed on an
- ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- ~ KIND, either express or implied. See the License for the
- ~ specific language governing permissions and limitations
- ~ under the License.
- -->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-
- <parent>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-root</artifactId>
- <version>2.alpha.0-SNAPSHOT</version>
- <relativePath>../../pom.xml</relativePath>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <artifactId>shiro-cas</artifactId>
- <name>Apache Shiro :: Support :: CAS</name>
- <packaging>bundle</packaging>
-
- <dependencies>
- <dependency>
- <groupId>org.apache.shiro</groupId>
- <artifactId>shiro-web</artifactId>
- </dependency>
- <dependency>
- <groupId>org.jasig.cas.client</groupId>
- <artifactId>cas-client-core</artifactId>
- <version>3.2.2</version>
- </dependency>
- <dependency>
- <!-- for Optional SAML ticket validation: -->
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <optional>true</optional>
- </dependency>
- <dependency>
- <!-- for Optional SAML ticket validation: -->
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <version>1.1</version>
- <scope>runtime</scope>
- <optional>true</optional>
- </dependency>
- <dependency>
- <!-- for Optional SAML ticket validation: -->
- <groupId>org.apache.santuario</groupId>
- <artifactId>xmlsec</artifactId>
- <version>1.4.3</version>
- <scope>runtime</scope>
- <optional>true</optional>
- </dependency>
- </dependencies>
-
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.felix</groupId>
- <artifactId>maven-bundle-plugin</artifactId>
- <extensions>true</extensions>
- <configuration>
- <instructions>
- <Bundle-SymbolicName>org.apache.shiro.cas</Bundle-SymbolicName>
- <Export-Package>org.apache.shiro.cas*;version=${project.version}</Export-Package>
- <Import-Package>
- org.apache.shiro*;version="${shiro.osgi.importRange}",
- org.jasig.cas.client*;version="[3.2, 4)",
- *
- </Import-Package>
- </instructions>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
-</project>
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticatedUserFilter.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticatedUserFilter.java b/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticatedUserFilter.java
deleted file mode 100644
index 6d65058..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticatedUserFilter.java
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.filter.authc.AuthenticationFilter;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-
-/**
- * This filter checks if the user is authenticated (not remembered) and sends him to an (updated) CAS login url (if he's already
- * remembered).
- *
- * @author Jerome Leleu
- * @since 1.3.0
- */
-public class CasAuthenticatedUserFilter extends AuthenticationFilter {
-
- public String getLoginUrl() {
- String loginUrl = super.getLoginUrl();
- Subject currentUser = SecurityUtils.getSubject();
- // if user is remembered, add the renew=true parameter to force CAS server to re-authenticate the user
- if (currentUser.isRemembered()) {
- loginUrl += "&renew=true";
- }
- return loginUrl;
- }
-
- @Override
- protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
- saveRequestAndRedirectToLogin(request, response);
- return false;
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticationException.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticationException.java b/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticationException.java
deleted file mode 100644
index e73c6f7..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasAuthenticationException.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.authc.AuthenticationException;
-
-/**
- * @since 1.2
- */
-public class CasAuthenticationException extends AuthenticationException {
-
- public CasAuthenticationException() {
- super();
- }
-
- public CasAuthenticationException(String message) {
- super(message);
- }
-
- public CasAuthenticationException(Throwable cause) {
- super(cause);
- }
-
- public CasAuthenticationException(String message, Throwable cause) {
- super(message, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasFilter.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasFilter.java b/support/cas/src/main/java/org/apache/shiro/cas/CasFilter.java
deleted file mode 100644
index e07e9a3..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasFilter.java
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
-import org.apache.shiro.web.util.WebUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-
-/**
- * This filter validates the CAS service ticket to authenticate the user. It must be configured on the URL recognized
- * by the CAS server. For example, in {@code shiro.ini}:
- * <pre>
- * [main]
- * casFilter = org.apache.shiro.cas.CasFilter
- * ...
- *
- * [urls]
- * /shiro-cas = casFilter
- * ...
- * </pre>
- * (example : http://host:port/mycontextpath/shiro-cas)
- *
- * @since 1.2
- */
-public class CasFilter extends AuthenticatingFilter {
-
- private static Logger logger = LoggerFactory.getLogger(CasFilter.class);
-
- // the name of the parameter service ticket in url
- private static final String TICKET_PARAMETER = "ticket";
-
- // the url where the application is redirected if the CAS service ticket validation failed (example : /mycontextpatch/cas_error.jsp)
- private String failureUrl;
-
- /**
- * The token created for this authentication is a CasToken containing the CAS service ticket received on the CAS service url (on which
- * the filter must be configured).
- *
- * @param request the incoming request
- * @param response the outgoing response
- * @throws Exception if there is an error processing the request.
- */
- @Override
- protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- String ticket = httpRequest.getParameter(TICKET_PARAMETER);
- return new CasToken(ticket);
- }
-
- /**
- * Execute login by creating {@link #createToken(javax.servlet.ServletRequest, javax.servlet.ServletResponse) token} and logging subject
- * with this token.
- *
- * @param request the incoming request
- * @param response the outgoing response
- * @throws Exception if there is an error processing the request.
- */
- @Override
- protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
- return executeLogin(request, response);
- }
-
- /**
- * Returns <code>false</code> to always force authentication (user is never considered authenticated by this filter).
- *
- * @param request the incoming request
- * @param response the outgoing response
- * @param mappedValue the filter-specific config value mapped to this filter in the URL rules mappings.
- * @return <code>false</code>
- */
- @Override
- protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
- return false;
- }
-
- /**
- * If login has been successful, redirect user to the original protected url.
- *
- * @param token the token representing the current authentication
- * @param subject the current authenticated subjet
- * @param request the incoming request
- * @param response the outgoing response
- * @throws Exception if there is an error processing the request.
- */
- @Override
- protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request,
- ServletResponse response) throws Exception {
- issueSuccessRedirect(request, response);
- return false;
- }
-
- /**
- * If login has failed, redirect user to the CAS error page (no ticket or ticket validation failed) except if the user is already
- * authenticated, in which case redirect to the default success url.
- *
- * @param token the token representing the current authentication
- * @param ae the current authentication exception
- * @param request the incoming request
- * @param response the outgoing response
- */
- @Override
- protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException ae, ServletRequest request,
- ServletResponse response) {
- if (logger.isDebugEnabled()) {
- logger.debug( "Authentication exception", ae );
- }
- // is user authenticated or in remember me mode ?
- Subject subject = getSubject(request, response);
- if (subject.isAuthenticated() || subject.isRemembered()) {
- try {
- issueSuccessRedirect(request, response);
- } catch (Exception e) {
- logger.error("Cannot redirect to the default success url", e);
- }
- } else {
- try {
- WebUtils.issueRedirect(request, response, failureUrl);
- } catch (IOException e) {
- logger.error("Cannot redirect to failure url : {}", failureUrl, e);
- }
- }
- return false;
- }
-
- public void setFailureUrl(String failureUrl) {
- this.failureUrl = failureUrl;
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java b/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java
deleted file mode 100644
index 7083784..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java
+++ /dev/null
@@ -1,310 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.SimpleAuthenticationInfo;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-import org.apache.shiro.subject.SimplePrincipalCollection;
-import org.apache.shiro.util.CollectionUtils;
-import org.apache.shiro.util.StringUtils;
-import org.jasig.cas.client.authentication.AttributePrincipal;
-import org.jasig.cas.client.validation.*;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-/**
- * This realm implementation acts as a CAS client to a CAS server for authentication and basic authorization.
- * <p/>
- * This realm functions by inspecting a submitted {@link org.apache.shiro.cas.CasToken CasToken} (which essentially
- * wraps a CAS service ticket) and validates it against the CAS server using a configured CAS
- * {@link org.jasig.cas.client.validation.TicketValidator TicketValidator}.
- * <p/>
- * The {@link #getValidationProtocol() validationProtocol} is {@code CAS} by default, which indicates that a
- * a {@link org.jasig.cas.client.validation.Cas20ServiceTicketValidator Cas20ServiceTicketValidator}
- * will be used for ticket validation. You can alternatively set
- * or {@link org.jasig.cas.client.validation.Saml11TicketValidator Saml11TicketValidator} of CAS client. It is based on
- * {@link AuthorizingRealm AuthorizingRealm} for both authentication and authorization. User id and attributes are retrieved from the CAS
- * service ticket validation response during authentication phase. Roles and permissions are computed during authorization phase (according
- * to the attributes previously retrieved).
- *
- * @since 1.2
- */
-public class CasRealm extends AuthorizingRealm {
-
- // default name of the CAS attribute for remember me authentication (CAS 3.4.10+)
- public static final String DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME = "longTermAuthenticationRequestTokenUsed";
- public static final String DEFAULT_VALIDATION_PROTOCOL = "CAS";
-
- private static Logger log = LoggerFactory.getLogger(CasRealm.class);
-
- // this is the url of the CAS server (example : http://host:port/cas)
- private String casServerUrlPrefix;
-
- // this is the CAS service url of the application (example : http://host:port/mycontextpath/shiro-cas)
- private String casService;
-
- /* CAS protocol to use for ticket validation : CAS (default) or SAML :
- - CAS protocol can be used with CAS server version < 3.1 : in this case, no user attributes can be retrieved from the CAS ticket validation response (except if there are some customizations on CAS server side)
- - SAML protocol can be used with CAS server version >= 3.1 : in this case, user attributes can be extracted from the CAS ticket validation response
- */
- private String validationProtocol = DEFAULT_VALIDATION_PROTOCOL;
-
- // default name of the CAS attribute for remember me authentication (CAS 3.4.10+)
- private String rememberMeAttributeName = DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME;
-
- // this class from the CAS client is used to validate a service ticket on CAS server
- private TicketValidator ticketValidator;
-
- // default roles to applied to authenticated user
- private String defaultRoles;
-
- // default permissions to applied to authenticated user
- private String defaultPermissions;
-
- // names of attributes containing roles
- private String roleAttributeNames;
-
- // names of attributes containing permissions
- private String permissionAttributeNames;
-
- public CasRealm() {
- setAuthenticationTokenClass(CasToken.class);
- }
-
- @Override
- protected void onInit() {
- super.onInit();
- ensureTicketValidator();
- }
-
- protected TicketValidator ensureTicketValidator() {
- if (this.ticketValidator == null) {
- this.ticketValidator = createTicketValidator();
- }
- return this.ticketValidator;
- }
-
- protected TicketValidator createTicketValidator() {
- String urlPrefix = getCasServerUrlPrefix();
- if ("saml".equalsIgnoreCase(getValidationProtocol())) {
- return new Saml11TicketValidator(urlPrefix);
- }
- return new Cas20ServiceTicketValidator(urlPrefix);
- }
-
- /**
- * Authenticates a user and retrieves its information.
- *
- * @param token the authentication token
- * @throws AuthenticationException if there is an error during authentication.
- */
- @Override
- @SuppressWarnings("unchecked")
- protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
- CasToken casToken = (CasToken) token;
- if (token == null) {
- return null;
- }
-
- String ticket = (String)casToken.getCredentials();
- if (!StringUtils.hasText(ticket)) {
- return null;
- }
-
- TicketValidator ticketValidator = ensureTicketValidator();
-
- try {
- // contact CAS server to validate service ticket
- Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
- // get principal, user id and attributes
- AttributePrincipal casPrincipal = casAssertion.getPrincipal();
- String userId = casPrincipal.getName();
- log.debug("Validate ticket : {} in CAS server : {} to retrieve user : {}", new Object[]{
- ticket, getCasServerUrlPrefix(), userId
- });
-
- Map<String, Object> attributes = casPrincipal.getAttributes();
- // refresh authentication token (user id + remember me)
- casToken.setUserId(userId);
- String rememberMeAttributeName = getRememberMeAttributeName();
- String rememberMeStringValue = (String)attributes.get(rememberMeAttributeName);
- boolean isRemembered = rememberMeStringValue != null && Boolean.parseBoolean(rememberMeStringValue);
- if (isRemembered) {
- casToken.setRememberMe(true);
- }
- // create simple authentication info
- List<Object> principals = CollectionUtils.asList(userId, attributes);
- PrincipalCollection principalCollection = new SimplePrincipalCollection(principals, getName());
- return new SimpleAuthenticationInfo(principalCollection, ticket);
- } catch (TicketValidationException e) {
- throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
- }
- }
-
- /**
- * Retrieves the AuthorizationInfo for the given principals (the CAS previously authenticated user : id + attributes).
- *
- * @param principals the primary identifying principals of the AuthorizationInfo that should be retrieved.
- * @return the AuthorizationInfo associated with this principals.
- */
- @Override
- @SuppressWarnings("unchecked")
- protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
- // retrieve user information
- SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) principals;
- List<Object> listPrincipals = principalCollection.asList();
- Map<String, String> attributes = (Map<String, String>) listPrincipals.get(1);
- // create simple authorization info
- SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
- // add default roles
- addRoles(simpleAuthorizationInfo, split(defaultRoles));
- // add default permissions
- addPermissions(simpleAuthorizationInfo, split(defaultPermissions));
- // get roles from attributes
- List<String> attributeNames = split(roleAttributeNames);
- for (String attributeName : attributeNames) {
- String value = attributes.get(attributeName);
- addRoles(simpleAuthorizationInfo, split(value));
- }
- // get permissions from attributes
- attributeNames = split(permissionAttributeNames);
- for (String attributeName : attributeNames) {
- String value = attributes.get(attributeName);
- addPermissions(simpleAuthorizationInfo, split(value));
- }
- return simpleAuthorizationInfo;
- }
-
- /**
- * Split a string into a list of not empty and trimmed strings, delimiter is a comma.
- *
- * @param s the input string
- * @return the list of not empty and trimmed strings
- */
- private List<String> split(String s) {
- List<String> list = new ArrayList<String>();
- String[] elements = StringUtils.split(s, ',');
- if (elements != null && elements.length > 0) {
- for (String element : elements) {
- if (StringUtils.hasText(element)) {
- list.add(element.trim());
- }
- }
- }
- return list;
- }
-
- /**
- * Add roles to the simple authorization info.
- *
- * @param simpleAuthorizationInfo
- * @param roles the list of roles to add
- */
- private void addRoles(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> roles) {
- for (String role : roles) {
- simpleAuthorizationInfo.addRole(role);
- }
- }
-
- /**
- * Add permissions to the simple authorization info.
- *
- * @param simpleAuthorizationInfo
- * @param permissions the list of permissions to add
- */
- private void addPermissions(SimpleAuthorizationInfo simpleAuthorizationInfo, List<String> permissions) {
- for (String permission : permissions) {
- simpleAuthorizationInfo.addStringPermission(permission);
- }
- }
-
- public String getCasServerUrlPrefix() {
- return casServerUrlPrefix;
- }
-
- public void setCasServerUrlPrefix(String casServerUrlPrefix) {
- this.casServerUrlPrefix = casServerUrlPrefix;
- }
-
- public String getCasService() {
- return casService;
- }
-
- public void setCasService(String casService) {
- this.casService = casService;
- }
-
- public String getValidationProtocol() {
- return validationProtocol;
- }
-
- public void setValidationProtocol(String validationProtocol) {
- this.validationProtocol = validationProtocol;
- }
-
- public String getRememberMeAttributeName() {
- return rememberMeAttributeName;
- }
-
- public void setRememberMeAttributeName(String rememberMeAttributeName) {
- this.rememberMeAttributeName = rememberMeAttributeName;
- }
-
- public String getDefaultRoles() {
- return defaultRoles;
- }
-
- public void setDefaultRoles(String defaultRoles) {
- this.defaultRoles = defaultRoles;
- }
-
- public String getDefaultPermissions() {
- return defaultPermissions;
- }
-
- public void setDefaultPermissions(String defaultPermissions) {
- this.defaultPermissions = defaultPermissions;
- }
-
- public String getRoleAttributeNames() {
- return roleAttributeNames;
- }
-
- public void setRoleAttributeNames(String roleAttributeNames) {
- this.roleAttributeNames = roleAttributeNames;
- }
-
- public String getPermissionAttributeNames() {
- return permissionAttributeNames;
- }
-
- public void setPermissionAttributeNames(String permissionAttributeNames) {
- this.permissionAttributeNames = permissionAttributeNames;
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasSubjectFactory.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasSubjectFactory.java b/support/cas/src/main/java/org/apache/shiro/cas/CasSubjectFactory.java
deleted file mode 100644
index f89001c..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasSubjectFactory.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.subject.SubjectContext;
-import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
-
-/**
- * {@link org.apache.shiro.mgt.SubjectFactory Subject} implementation to be used in CAS-enabled applications.
- *
- * @since 1.2
- */
-public class CasSubjectFactory extends DefaultWebSubjectFactory {
-
- @Override
- public Subject createSubject(SubjectContext context) {
-
- //the authenticated flag is only set by the SecurityManager after a successful authentication attempt.
- boolean authenticated = context.isAuthenticated();
-
- //although the SecurityManager 'sees' the submission as a successful authentication, in reality, the
- //login might have been just a CAS rememberMe login. If so, set the authenticated flag appropriately:
- if (authenticated) {
-
- AuthenticationToken token = context.getAuthenticationToken();
-
- if (token != null && token instanceof CasToken) {
- CasToken casToken = (CasToken) token;
- // set the authenticated flag of the context to true only if the CAS subject is not in a remember me mode
- if (casToken.isRememberMe()) {
- context.setAuthenticated(false);
- }
- }
- }
-
- return super.createSubject(context);
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/main/java/org/apache/shiro/cas/CasToken.java
----------------------------------------------------------------------
diff --git a/support/cas/src/main/java/org/apache/shiro/cas/CasToken.java b/support/cas/src/main/java/org/apache/shiro/cas/CasToken.java
deleted file mode 100644
index 9b1c22d..0000000
--- a/support/cas/src/main/java/org/apache/shiro/cas/CasToken.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas;
-
-import org.apache.shiro.authc.RememberMeAuthenticationToken;
-
-/**
- * This class represents a token for a CAS authentication (service ticket + user id + remember me).
- *
- * @since 1.2
- */
-public class CasToken implements RememberMeAuthenticationToken {
-
- private static final long serialVersionUID = 8587329689973009598L;
-
- // the service ticket returned by the CAS server
- private String ticket = null;
-
- // the user identifier
- private String userId = null;
-
- // is the user in a remember me mode ?
- private boolean isRememberMe = false;
-
- public CasToken(String ticket) {
- this.ticket = ticket;
- }
-
- public Object getPrincipal() {
- return userId;
- }
-
- public Object getCredentials() {
- return ticket;
- }
-
- public void setUserId(String userId) {
- this.userId = userId;
- }
-
- public boolean isRememberMe() {
- return isRememberMe;
- }
-
- public void setRememberMe(boolean isRememberMe) {
- this.isRememberMe = isRememberMe;
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/test/groovy/org/apache/shiro/cas/CasRealmTest.groovy
----------------------------------------------------------------------
diff --git a/support/cas/src/test/groovy/org/apache/shiro/cas/CasRealmTest.groovy b/support/cas/src/test/groovy/org/apache/shiro/cas/CasRealmTest.groovy
deleted file mode 100644
index da3d09c..0000000
--- a/support/cas/src/test/groovy/org/apache/shiro/cas/CasRealmTest.groovy
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas
-
-import org.apache.shiro.authc.AuthenticationInfo
-import org.apache.shiro.authz.AuthorizationInfo
-
-/**
- * Unit tests for the {@link CasRealm} implementation.
- *
- * @since 1.2
- */
-class CasRealmTest extends GroovyTestCase {
-
- /**
- * Creates a CAS realm with a ticket validator mock.
- *
- * @return CasRealm The CAS realm for testing.
- */
- private CasRealm createCasRealm() {
- new CasRealm(ticketValidator: new MockServiceTicketValidator());
- }
-
- void testNoAttribute() {
- CasRealm casRealm = createCasRealm();
- CasToken casToken = new CasToken('$=defaultId');
- AuthenticationInfo authenticationInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authenticationInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.asList()[1] //returns a map
- assertEquals 0, attributes.size()
- AuthorizationInfo authorizationInfo = casRealm.doGetAuthorizationInfo(principals);
- assertNull authorizationInfo.stringPermissions
- assertNull authorizationInfo.roles
- }
-
- void testNoAttributeDefaultRoleAndPermission() {
- CasRealm casRealm = createCasRealm();
- casRealm.defaultRoles = "defaultRole"
- casRealm.defaultPermissions = "defaultPermission"
- CasToken casToken = new CasToken('$=defaultId');
- AuthenticationInfo authenticationInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authenticationInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals 0, attributes.size()
- AuthorizationInfo authorizationInfo = casRealm.doGetAuthorizationInfo(principals);
- assertTrue authorizationInfo.roles.contains("defaultRole")
- assertTrue authorizationInfo.stringPermissions.contains("defaultPermission")
- }
-
- void testNoAttributeDefaultRolesAndPermissions() {
- CasRealm casRealm = createCasRealm();
- casRealm.defaultRoles = "defaultRole1, defaultRole2"
- casRealm.defaultPermissions = "defaultPermission1,defaultPermission2"
- CasToken casToken = new CasToken('$=defaultId');
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals 0, attributes.size()
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals)
- assertEquals 2, authzInfo.roles.size()
- assertTrue authzInfo.roles.contains("defaultRole1")
- assertTrue authzInfo.roles.contains("defaultRole2")
- assertEquals 2, authzInfo.stringPermissions.size()
- assertTrue authzInfo.stringPermissions.contains("defaultPermission1")
- assertTrue authzInfo.stringPermissions.contains("defaultPermission2")
- }
-
- void testRoleAndPermission() {
- CasRealm casRealm = createCasRealm();
- casRealm.roleAttributeNames = "role"
- casRealm.permissionAttributeNames = "permission"
- CasToken casToken = new CasToken('$=defaultId|role=aRole|permission=aPermission');
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals 2, attributes.size()
- assertEquals "aRole", attributes['role']
- assertEquals "aPermission", attributes['permission']
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals);
- assertTrue authzInfo.roles.contains("aRole")
- assertTrue authzInfo.stringPermissions.contains("aPermission")
- }
-
- void testRolesAndPermissions() {
- CasRealm casRealm = createCasRealm();
- casRealm.setRoleAttributeNames("role1 , role2");
- casRealm.setPermissionAttributeNames("permission1,permission2");
- CasToken casToken = new CasToken(
- '$=defaultId|role1=role11 , role12|role2=role21,role22|permission1=permission11, permission12|permission2=permission21 ,permission22');
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals "role11 , role12", attributes['role1']
- assertEquals "role21,role22", attributes['role2']
- assertEquals "permission11, permission12", attributes['permission1']
- assertEquals "permission21 ,permission22", attributes['permission2']
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals);
- assertEquals 4, authzInfo.roles.size()
- assertTrue authzInfo.roles.contains("role11")
- assertTrue authzInfo.roles.contains("role12")
- assertTrue authzInfo.roles.contains("role21")
- assertTrue authzInfo.roles.contains("role22")
- assertTrue authzInfo.stringPermissions.contains("permission11")
- assertTrue authzInfo.stringPermissions.contains("permission12")
- assertTrue authzInfo.stringPermissions.contains("permission21")
- assertTrue authzInfo.stringPermissions.contains("permission22")
- }
-
- void testNotRememberMe() {
- CasRealm casRealm = createCasRealm();
- CasToken casToken = new CasToken("\$=defaultId|$CasRealm.DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME=false");
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals "false", attributes[CasRealm.DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME]
- assertFalse casToken.rememberMe
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals);
- assertNull authzInfo.stringPermissions
- assertNull authzInfo.roles
- }
-
- void testRememberMe() {
- CasRealm casRealm = createCasRealm();
- CasToken casToken = new CasToken("\$=defaultId|$CasRealm.DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME=true");
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals "true", attributes[CasRealm.DEFAULT_REMEMBER_ME_ATTRIBUTE_NAME]
- assertTrue casToken.rememberMe
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals);
- assertNull authzInfo.stringPermissions
- assertNull authzInfo.roles
- }
-
- void testRememberMeNewAttributeName() {
- CasRealm casRealm = createCasRealm();
- casRealm.rememberMeAttributeName = "rme"
- CasToken casToken = new CasToken('$=defaultId|rme=true');
- AuthenticationInfo authcInfo = casRealm.doGetAuthenticationInfo(casToken);
- def principals = authcInfo.principals
- assertEquals "defaultId", principals.primaryPrincipal
- def attributes = principals.oneByType(Map)
- assertEquals "true", attributes[casRealm.rememberMeAttributeName]
- assertTrue casToken.rememberMe
- AuthorizationInfo authzInfo = casRealm.doGetAuthorizationInfo(principals);
- assertNull authzInfo.stringPermissions
- assertNull authzInfo.roles
- }
-
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/test/groovy/org/apache/shiro/cas/CasTokenTest.groovy
----------------------------------------------------------------------
diff --git a/support/cas/src/test/groovy/org/apache/shiro/cas/CasTokenTest.groovy b/support/cas/src/test/groovy/org/apache/shiro/cas/CasTokenTest.groovy
deleted file mode 100644
index ad3526f..0000000
--- a/support/cas/src/test/groovy/org/apache/shiro/cas/CasTokenTest.groovy
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas
-
-/**
- * Unit tests for the {@link CasToken} implementation.
- *
- * @since 1.2
- */
-class CasTokenTest extends GroovyTestCase {
-
- void testPrincipal() {
- CasToken casToken = new CasToken("fakeTicket")
- assertNull casToken.principal
- casToken.userId = "myUserId"
- assertEquals "myUserId", casToken.principal
- }
-
- void testCredentials() {
- CasToken casToken = new CasToken("fakeTicket")
- assertEquals "fakeTicket", casToken.credentials
- }
-
- void testRememberMe() {
- CasToken casToken = new CasToken("fakeTicket")
- assertFalse casToken.rememberMe
- casToken.rememberMe = true
- assertTrue casToken.rememberMe
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/cas/src/test/groovy/org/apache/shiro/cas/MockServiceTicketValidator.groovy
----------------------------------------------------------------------
diff --git a/support/cas/src/test/groovy/org/apache/shiro/cas/MockServiceTicketValidator.groovy b/support/cas/src/test/groovy/org/apache/shiro/cas/MockServiceTicketValidator.groovy
deleted file mode 100644
index 643b93b..0000000
--- a/support/cas/src/test/groovy/org/apache/shiro/cas/MockServiceTicketValidator.groovy
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.shiro.cas
-
-import org.apache.shiro.util.StringUtils
-import org.jasig.cas.client.authentication.AttributePrincipalImpl
-import org.jasig.cas.client.validation.Assertion
-import org.jasig.cas.client.validation.AssertionImpl
-import org.jasig.cas.client.validation.TicketValidationException
-import org.jasig.cas.client.validation.TicketValidator
-
-/**
- * @since 1.2
- */
-class MockServiceTicketValidator implements TicketValidator {
-
- /**
- * Returns different assertions according to the ticket input. The format of the mock ticket must be :
- * key1=value1,key2=value2,...,keyN=valueN. If keyX is $, valueX is considered to be the name of the principal, otherwise (keyX, valueX)
- * is considered to be an attribute of the principal.
- */
- public Assertion validate(String ticket, String service) throws TicketValidationException {
- String name = null;
- def attributes = [:]
- String[] elements = StringUtils.split(ticket, '|' as char);
- int length = elements.length;
- for (int i = 0; i < length; i++) {
- String[] pair = StringUtils.split(elements[i], '=' as char);
- String key = pair[0].trim();
- String value = pair[1].trim();
- if ('$'.equals(key)) {
- name = value;
- } else {
- attributes.put(key, value);
- }
- }
- AttributePrincipalImpl attributePrincipalImpl = new AttributePrincipalImpl(name, attributes);
- return new AssertionImpl(attributePrincipalImpl, [:]);
-
- }
-}
http://git-wip-us.apache.org/repos/asf/shiro/blob/fcc6613c/support/pom.xml
----------------------------------------------------------------------
diff --git a/support/pom.xml b/support/pom.xml
index f1c2f58..4771708 100644
--- a/support/pom.xml
+++ b/support/pom.xml
@@ -41,7 +41,6 @@
<module>guice</module>
<module>openid4j</module>
<module>features</module>
- <module>cas</module>
</modules>
</project>