• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• shiro-cas-spring-boot-starter-master
  • src
    • main
      • resources
        • META-INF
          • spring-autoconfigure-metadata.properties
          • spring.factories
      • java
        • org
          • apache
            • shiro
              • spring
                • boot
                  • utils
                    • CasTicketValidatorUtils.java
                    • CasUrlUtils.java
                    • RemoteAddrUtils.java
                    • StringUtils.java
                  • ShiroCasWebFilterConfiguration.java
                  • cas
                    • AntPatternMatcherStrategy.java
                    • CasPrincipalRepository.java
                    • CasTicketPrincipal.java
                    • ContainsPatternsUrlPatternMatcherStrategy.java
                    • exception
                      • CasAuthenticationException.java
                    • realm
                      • CasStatelessAuthorizingRealm.java
                      • CasStatefulAuthorizingRealm.java
                    • ShiroCasFilterFactoryBean.java
                    • token
                      • CasToken.java
                    • CasClientProperties.java
                    • filter
                      • CasAuthenticatingFilter.java
                      • CasLogoutFilter.java
                    • CasSubjectFactory.java
                  • ShiroCasWebAutoConfiguration.java
                  • ShiroCasProperties.java
    • test
      • resources
        • application.yml
  • .sts4-cache
    • classpath-data.json
  • pom.xml
  • mvnw
  • LICENSE
  • README.md
  • .gitignore
  • mvnw.cmd

/*
 * Copyright (c) 2017, hiwepy (https://github.com/hiwepy).
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 */
package org.apache.shiro.spring.boot.cas;

import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.spring.boot.cas.token.CasToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;

public class CasSubjectFactory extends DefaultWebSubjectFactory {

    @Override
    public Subject createSubject(SubjectContext context) {

        //the authenticated flag is only set by the SecurityManager after a successful authentication attempt.
        boolean authenticated = context.isAuthenticated();

        //although the SecurityManager 'sees' the submission as a successful authentication, in reality, the
        //login might have been just a CAS rememberMe login.  If so, set the authenticated flag appropriately:
        if (authenticated) {

            AuthenticationToken token = context.getAuthenticationToken();

            if (token != null && token instanceof CasToken) {
                CasToken casToken = (CasToken) token;
                // set the authenticated flag of the context to true only if the CAS subject is not in a remember me mode
                if (casToken.isRememberMe()) {
                    context.setAuthenticated(false);
                }
            }
        }

        return super.createSubject(context);
    }
}