Module: CASClient::Frameworks::Merb::Filter

Defined in:
lib/casclient/frameworks/merb/filter.rb


Instance Attribute Details

#client ⇒ Object (readonly)

Returns the value of attribute client.



# File 'lib/casclient/frameworks/merb/filter.rb', line 5

# Reader for the CAS client held in @client.
#
# @return [Object, nil] whatever is currently stored in @client; nil when
#   nothing has been assigned to it yet.
def client
  @client
end

Instance Method Details

#cas_filter ⇒ Object



# File 'lib/casclient/frameworks/merb/filter.rb', line 7

# Filter that establishes a local CAS session for the current request.
#
# Reads a service ticket from the request, optionally substitutes the last
# valid ticket kept in the session, validates the ticket through the CAS
# client when it has not been validated yet, and on success stores the user
# and extra attributes in the session.
#
# Returns true when the ticket is valid. In every other case it calls
# `redirect` and throws :halt (presumably stopping the Merb filter chain --
# confirm against the framework).
def cas_filter
  # Lazily build the client from `config` on first use.
  @client ||= CASClient::Client.new(config)

  service_ticket = read_ticket(self)

  # NOTE(review): the assignment target and the client method name are missing
  # from this rendered listing, and the `redirect` calls and "redirecting to"
  # log message below have lost their argument too. Presumably this computes
  # the CAS login URL for the current service URL -- confirm against
  # lib/casclient/frameworks/merb/filter.rb before relying on this listing.
   = client.(read_service_url(self))

  last_service_ticket = session[:cas_last_valid_ticket]
  # Case 1: the incoming ticket is the same ticket, for the same service, as
  # the one already recorded in the session.
  if (service_ticket && last_service_ticket && 
      last_service_ticket.ticket == service_ticket.ticket && 
      last_service_ticket.service == service_ticket.service)

    # warn() rather than info() because we really shouldn't be re-validating the same ticket. 
    # The only time when this is acceptable is if the user manually does a refresh and the ticket
    # happens to be in the URL.
    log.warn("Reusing previously validated ticket since the new ticket and service are the same.")
    service_ticket = last_service_ticket
  elsif last_service_ticket &&
    !config[:authenticate_on_every_request] && 
    session[client.username_session_key]
    # Re-use the previous ticket if the user already has a local CAS session (i.e. if they were already
    # previously authenticated for this service). This is to prevent redirection to the CAS server on every
    # request.
    # The condition above only takes this branch while :authenticate_on_every_request is falsy, so
    # setting that config option to a truthy value disables the re-use.
    #
    # NOTE(review): on this path the session copy replaces whatever ticket the request carried, and the
    # local session alone decides access. A logout or revocation on the CAS server presumably does not
    # end this local session unless it is cleared elsewhere -- confirm, and consider
    # :authenticate_on_every_request for sensitive applications.
    log.debug "Existing local CAS session detected for #{session[client.username_session_key].inspect}. "+
      "Previous ticket #{last_service_ticket.ticket.inspect} will be re-used."
      service_ticket = last_service_ticket
  end

  if service_ticket
    # Ask the client to validate only tickets that have not been validated
    # yet; a ticket re-used from the session is presumably already marked
    # validated, so this call is skipped for it -- confirm.
    client.validate_service_ticket(service_ticket) unless service_ticket.has_been_validated?
    validation_response = service_ticket.response

    if service_ticket.is_valid?
      # NOTE(review): the ticket object and the user name are written to the
      # application log here; handle the log as sensitive data.
      log.info("Ticket #{service_ticket.inspect} for service #{service_ticket.service.inspect} " + 
        "belonging to user #{validation_response.user.inspect} is VALID.")

      # The authenticated identity and attributes come from the validation
      # response and are stored in the session for later requests.
      session[client.username_session_key] = validation_response.user
      session[client.extra_attributes_session_key] = validation_response.extra_attributes

      # Store the ticket in the session to avoid re-validating the same service
      # ticket with the CAS server.
      # NOTE(review): the whole ticket object goes into the session; what that
      # exposes depends on the session store in use -- confirm.
      session[:cas_last_valid_ticket] = service_ticket
      return true
    else  
      # Validation failed: log the failure code and message, then redirect and halt.
      log.warn("Ticket #{service_ticket.ticket.inspect} failed validation -- " + 
        "#{validation_response.failure_code}: #{validation_response.failure_message}")
      redirect 
      throw :halt
    end
  else
    # No ticket in the request and none re-usable from the session.
    log.warn("No ticket -- redirecting to #{}")
    redirect 
    throw :halt
  end
end