1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42
|
<?php
class sfCASRequiredFilter extends sfBasicSecurityFilter
{
public function execute ($filterChain)
{
if ($this->isFirstCall() ){
//require_once('phpCAS/CAS.php');
phpCAS::setDebug();
phpCAS::client(CAS_VERSION_2_0,$this->getParameter('server_domain'), $this->getParameter('server_port'), $this->getParameter('server_path'));
// no SSL validation for the CAS server
phpCAS::setNoCasServerValidation();
$this->getContext()->getLogger()->debug('{sfCASRequiredFilter} about to force auth');
phpCAS::forceAuthentication();
$this->getContext()->getLogger()->debug('{sfCASRequiredFilter} auth is good');
$this->getContext()->getUser()->setAuthenticated(true);
$this->getContext()->getUser()->setAttribute('username', phpCAS::getUser(), 'cas');
$this->getContext()->getUser()->addCredential('username_'.phpCAS::getUser());
}
# if not initially authorized, sfBasicSecurityFilter sets $controller->forward(sfConfig::get('sf_login_module'), sfConfig::get('sf_login_action'));
# so we re-dispatch since we are already authorized
# copied from sfFrontWebController's dispatch()
$this->getContext()->getLogger()->debug('{sfCASRequiredFilter} configs are ' . sfConfig::get('sf_login_module') . '/' . sfConfig::get('sf_login_action'));
if ($this->getContext()->getModuleName() == sfConfig::get('sf_login_module')
&& $this->getContext()->getActionName() == sfConfig::get('sf_login_action')) {
$request = $this->getContext()->getRequest();
$moduleName = $request->getParameter('module');
$actionName = $request->getParameter('action');
$this->getContext()->getLogger()->debug('{sfCASRequiredFilter} forwarding to ' . $moduleName . '/' . $actionName);
$this->getContext()->getController()->forward($moduleName, $actionName);
}
// Execute next filter in the chain
$filterChain->execute();
}
}
?> |
Partager