diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java index 3ffebfb..5ad9fe2 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java @@ -82,6 +82,10 @@ public class AuthenticationFilter extends AbstractCasFilter { private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null; + private String internalIp = null; + + private static final String X_REAL_IP = "x-real-ip"; + private static final Map> PATTERN_MATCHER_TYPES = new HashMap>(); @@ -115,6 +119,7 @@ public class AuthenticationFilter extends AbstractCasFilter { setRenew(getBoolean(ConfigurationKeys.RENEW)); setGateway(getBoolean(ConfigurationKeys.GATEWAY)); setMethod(getString(ConfigurationKeys.METHOD)); + setInternalIp(getString(ConfigurationKeys.INTERNAL_IP)); final String ignorePattern = getString(ConfigurationKeys.IGNORE_PATTERN); final String ignoreUrlPatternType = getString(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE); @@ -169,6 +174,12 @@ public class AuthenticationFilter extends AbstractCasFilter { final HttpServletRequest request = (HttpServletRequest) servletRequest; final HttpServletResponse response = (HttpServletResponse) servletResponse; + if (isInternalRequest(request)) { + logger.debug("Request is ignored [internal]."); + filterChain.doFilter(request, response); + return; + } + if (isRequestUrlExcluded(request)) { logger.debug("Request is ignored."); filterChain.doFilter(request, response); @@ -231,10 +242,24 @@ public class AuthenticationFilter extends AbstractCasFilter { this.casServerLoginUrl = casServerLoginUrl; } + public void setInternalIp(String internalIp) { + this.internalIp = internalIp; + } + public final void setGatewayStorage(final GatewayResolver gatewayStorage) { this.gatewayStorage = gatewayStorage; } + private boolean isInternalRequest(final HttpServletRequest request) { + if (this.internalIp == null) { + return false; + } + + String realIp = request.getHeader(X_REAL_IP); + + return this.internalIp.equals(realIp); + } + private boolean isRequestUrlExcluded(final HttpServletRequest request) { if (this.ignoreUrlPatternMatcherStrategyClass == null) { return false; diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java b/cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java index 45e3013..ced8c6b 100644 --- a/cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java +++ b/cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java @@ -64,6 +64,7 @@ public interface ConfigurationKeys { */ @Deprecated ConfigurationKey DISABLE_XML_SCHEMA_VALIDATION = new ConfigurationKey("disableXmlSchemaValidation", Boolean.FALSE); + ConfigurationKey INTERNAL_IP = new ConfigurationKey("internalIp", null); ConfigurationKey IGNORE_PATTERN = new ConfigurationKey("ignorePattern", null); ConfigurationKey IGNORE_URL_PATTERN_TYPE = new ConfigurationKey("ignoreUrlPatternType", "REGEX"); ConfigurationKey> HOSTNAME_VERIFIER = new ConfigurationKey>("hostnameVerifier", null); diff --git a/pom.xml b/pom.xml index 565b502..17f7215 100644 --- a/pom.xml +++ b/pom.xml @@ -144,8 +144,8 @@ - com.mycila.maven-license-plugin - maven-license-plugin + com.mycila + license-maven-plugin
src/licensing/header.txt
true