Here you go Naveed,
/*
* CASAuhentication.java
*
* Version: $Revision: 1.0 $
*
* Date: $Date: 2006/11/22 21:16:38 $
*
* Copyright (c) 2002-2005, Hewlett-Packard Company and Massachusetts
* Institute of Technology. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of the Hewlett-Packard Company nor the name of the
* Massachusetts Institute of Technology nor the names of their
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
package org.dspace.eperson;
import org.apache.log4j.Logger;
import org.dspace.app.webui.util.JSPManager;
import org.dspace.core.ConfigurationManager;
import org.dspace.core.Context;
import org.dspace.core.LogManager;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.AuthenticationMethod;
import org.dspace.eperson.AuthenticationManager;
import org.dspace.authorize.AuthorizeException;
import javax.servlet.jsp.PageContext;
import javax.servlet.jsp.jstl.fmt.LocaleSupport;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.sql.SQLException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
// we use the Java CAS client
import edu.yale.its.tp.cas.client.*;
/**
* Authenticator for Central Authentication Service (CAS).
*
* @author Naveed Hashmi, University of Bristol
* based on code developed by Nordija A/S (
www.nordija.com) for Center
of Knowledge Technology (
www.cvt.dk)
* @version $Revision: 1.0 $
*/
public class CASAuthentication
implements AuthenticationMethod {
/** log4j category */
private static Logger log = Logger.getLogger
(CASAuthentication.class);
private static String casServicevalidate; //URL to validate ST
tickets
private static String casProxyvalidate; //URL to validate PT
tickets
// (optional) store user's details for self registration, can
get this info from LDAP, RDBMS etc
private String email;
private String firstName;
private String lastName;
/**
* Predicate, can new user automatically create EPerson.
* Checks configuration value. You'll probably want this to
* be true to take advantage of a Web certificate infrastructure
* with many more users than are already known by DSpace.
*/
public boolean canSelfRegister(Context context,
HttpServletRequest request,
String username)
throws SQLException
{
return ConfigurationManager.getBooleanProperty(
"webui.cas.autoregister");
}
/**
* Nothing extra to initialize.
*/
public void initEPerson(Context context, HttpServletRequest
request,
EPerson eperson)
throws SQLException
{
}
/**
* We don't use EPerson password so there is no reason to change
it.
*/
public boolean allowSetPassword(Context context,
HttpServletRequest request,
String username)
throws SQLException
{
return false;
}
/**
* Returns true, CAS is an implicit method
*/
public boolean isImplicit()
{
return true;
}
/**
* No special groups.
*/
public int[] getSpecialGroups(Context context,
HttpServletRequest request)
{
return new int[0];
}
/**
* CAS authentication.
*
* @return One of: SUCCESS, BAD_CREDENTIALS, NO_SUCH_USER, BAD_ARGS
*/
public int authenticate(Context context,
String netid,
String password,
String realm,
HttpServletRequest request)
throws SQLException
{
final String ticket = request.getParameter("ticket");
final String service = request.getRequestURL().toString();
log.info(LogManager.getHeader(context, "login", " ticket: "
+ ticket));
log.info(LogManager.getHeader(context, "login", "service: "
+ service));
if (ticket != null)
{
try
{
// Determine CAS validation URL
String validate = ConfigurationManager.getProperty
("cas.validate.url");
log.info(LogManager.getHeader(context, "login", "CAS
validate: " + validate));
if (validate == null)
{
throw new ServletException("No CAS validation
URL specified. You need to set property 'cas.validate.url'");
}
// Validate ticket (it is assumed that CAS validator
returns the user network ID)
netid = validate(service, ticket, validate);
if (netid == null)
{
throw new ServletException("Ticket '" + ticket +
"' is not valid");
}
// Locate the eperson in DSpace
EPerson eperson = null;
try
{
eperson = EPerson.findByNetid(context,
netid.toLowerCase());
}
catch (SQLException e)
{
}
// if they entered a netd that matches an eperson
and they are allowed to login
if (eperson != null)
{
// e-mail address corresponds to active account
if (eperson.getRequireCertificate())
{
// they must use a certificate
return CERT_REQUIRED;
}
else if (!eperson.canLogIn())
return BAD_ARGS;
// Logged in OK.
log.info(LogManager.getHeader(context,
"type=cas-login", "type=cas"));
context.setIgnoreAuthorization(true);
eperson.setNetid(netid);
eperson.update();
context.commit();
context.setIgnoreAuthorization(false);
context.setCurrentUser(eperson);
return SUCCESS;
}
// the user does not exist in DSpace so create an
eperson
else
{
if (canSelfRegister(context, request, netid) )
{
// TEMPORARILY turn off authorisation
// Register the new user automatically
context.setIgnoreAuthorization(true);
eperson = EPerson.create(context);
// use netid only but this implies that user
has to manually update their profile
eperson.setNetid(netid);
// if you wish to automatically extract
further user details: email, first_name and last_name
// enter your method here: e.g. query LDAP
or RDBMS etc.
/* e.g.
registerUser(netid);
eperson.setEmail(email);
eperson.setFirstName(firstName);
eperson.setLastName(lastName);
*/
eperson.setCanLogIn(true);
AuthenticationManager.initEPerson(context,
request, eperson);
eperson.update();
context.commit();
context.setIgnoreAuthorization(false);
context.setCurrentUser(eperson);
return SUCCESS;
}
else
{
// No auto-registration for valid netid
log.warn(LogManager.getHeader(context,
"authenticate",
"type=netid_but_no_record, cannot auto-
register"));
return NO_SUCH_USER;
}
}
} catch (Exception e)
{
log.error("Unexpected exception caught", e);
//throw new ServletException(e);
}
}
return BAD_ARGS;
}
/**
* Returns the NetID of the owner of the given ticket, or null if the
* ticket isn't valid.
*
* @param service the service ID for the application validating the
* ticket
* @param ticket the opaque service ticket (ST) to validate
*/
public static String validate(String service, String ticket,
String validateURL)
throws IOException, ServletException
{
ServiceTicketValidator stv = null;
String validateUrl = null;
if(ticket.startsWith("ST")) {
stv = new ServiceTicketValidator();
validateUrl = casServicevalidate;
}else {
//uPortal uses this
stv = new ProxyTicketValidator();
validateUrl = casProxyvalidate;
}
stv.setCasValidateUrl(validateURL);
stv.setService(java.net.URLEncoder.encode(service));
stv.setServiceTicket(ticket);
try{
stv.validate();
} catch (Exception e) {
log.error("Unexpected
exception caught", e);
throw new ServletException(e);
}
if(!stv.isAuthenticationSuccesful()) return null;
String netid = stv.getUser();
return netid;
}
/**
* Add code here to extract user details
* email, firstname, lastname
* from LDAP or database etc
*/
public void registerUser(String netid)
throws ClassNotFoundException, SQLException
{
// add your code here
}
/*
* Returns URL to which to redirect to obtain credentials
(either password
* prompt or e.g. HTTPS port for client cert.); null means no
redirect.
*
* @param context
* DSpace context, will be modified (ePerson set) upon success.
*
* @param request
* The HTTP request that started this operation, or null if not
applicable.
*
* @param response
* The HTTP response from the servlet method.
*
* @return fully-qualified URL
*/
public String loginPageURL(Context context,
HttpServletRequest request,
HttpServletResponse response)
{
// Determine CAS server URL
final String authServer = ConfigurationManager.getProperty
("cas.server.url");
final String service = request.getRequestURL().toString();
log.info("CAS server: " + authServer);
// Redirect to CAS server
return response.encodeRedirectURL(authServer + "?service=" +
service);
}
/*
* Returns message key for title of the "login" page, to use
* in a menu showing the choice of multiple login methods.
*
* @param context
* DSpace context, will be modified (ePerson set) upon success.
*
* @return Message key to look up in i18n message catalog.
*/
public String loginPageTitle(Context context)
{
//return null;
return "org.dspace.eperson.CASAuthentication.title";
}
}
Den 23/11/2006 kl. 11.22 skrev NS Hashmi, Information Systems and
Computing:
> Hi Tonny,
>