
1   /*
2    * Copyright 2005-2007 The Kuali Foundation
3    * 
4    * 
5    * Licensed under the Educational Community License, Version 2.0 (the "License");
6    * you may not use this file except in compliance with the License.
7    * You may obtain a copy of the License at
8    * 
9    * http://www.opensource.org/licenses/ecl2.php
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.kuali.rice.ksb.security.credentials;
18  
19  import java.io.IOException;
20  
21  import org.acegisecurity.context.SecurityContextHolder;
22  import org.acegisecurity.providers.cas.CasAuthenticationToken;
23  import org.acegisecurity.ui.cas.CasProcessingFilter;
24  import org.kuali.rice.core.security.credentials.Credentials;
25  import org.kuali.rice.core.security.credentials.CredentialsSource;
26  
27  import edu.yale.its.tp.cas.proxy.ProxyTicketReceptor;
28  
/**
 * {@link CredentialsSource} that obtains a CAS proxy ticket for the current
 * user from their Proxy Granting Ticket. The PGT-IOU is read from the
 * {@link CasAuthenticationToken} held in the Acegi security context, so the
 * calling service must be protected by Acegi and the context must be
 * populated for the current thread.
 * <p>
 * Note: this class can be used for user-to-service authentication.
 * <p>
 * The target services are assumed to be stateless (no HttpSession is kept),
 * so every request for credentials asks for a new proxy ticket.
 * <p>
 * Failure behaviour callers need to know about:
 * <ul>
 * <li>An {@link IOException} while fetching the ticket is swallowed and
 * {@code null} is returned; nothing is logged here.</li>
 * <li>The authentication is cast without a type check, so a missing or
 * non-CAS authentication surfaces as a runtime exception.</li>
 * </ul>
 * 
 * @author Kuali Rice Team (rice.collab@kuali.org)
 * @since 0.9
 * @see ThreadLocal
 * @see ProxyTicketReceptor
 */
public final class CasProxyTicketCredentialsSource implements CredentialsSource {

    /**
     * Requests a proxy ticket for {@code serviceEndpoint} and wraps it as
     * credentials whose username is
     * {@link CasProcessingFilter#CAS_STATELESS_IDENTIFIER} and whose password
     * is the ticket.
     * 
     * @param serviceEndpoint the target passed to the proxy ticket request
     * @return the credentials carrying the proxy ticket, or {@code null} if
     *         an {@link IOException} occurred while requesting it
     */
    public Credentials getCredentials(final String serviceEndpoint) {
        // Unchecked cast: a null or non-CAS authentication fails here with a
        // NullPointerException / ClassCastException rather than returning null.
        final CasAuthenticationToken casToken = (CasAuthenticationToken) SecurityContextHolder
                .getContext().getAuthentication();
        final String pgtIou = casToken.getProxyGrantingTicketIou();

        try {
            // NOTE(review): getProxyTicket may return null when no PGT is
            // registered for this IOU; the value is wrapped without a check.
            // Confirm against the CAS client version in use.
            final String ticket = ProxyTicketReceptor.getProxyTicket(pgtIou, serviceEndpoint);

            // The ticket is a credential for serviceEndpoint; keep it out of logs.
            return new UsernamePasswordCredentials(
                    CasProcessingFilter.CAS_STATELESS_IDENTIFIER, ticket);
        } catch (final IOException ignored) {
            // NOTE(review): the failure is dropped silently. Callers must
            // treat null as "no credentials" and not proceed unauthenticated.
            return null;
        }
    }

    /**
     * Reports the kind of credentials this source produces.
     * 
     * @return {@code CredentialsType.CAS}
     */
    public CredentialsType getSupportedCredentialsType() {
        return CredentialsType.CAS;
    }
}