Merge pull request #1 from TouchInstinct/feature/skip-internal-ip

support internal requests skip

cas-client-core/src/main/java/org/jasig/cas/client/authentication/AuthenticationFilter.java

@@ -82,6 +82,10 @@ public class AuthenticationFilter extends AbstractCasFilter {
 
     private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null;
 
+    private String internalIp = null;
+
+    private static final String X_REAL_IP = "x-real-ip";
+
     private static final Map<String, Class<? extends UrlPatternMatcherStrategy>> PATTERN_MATCHER_TYPES =
         new HashMap<String, Class<? extends UrlPatternMatcherStrategy>>();
 
@@ -115,6 +119,7 @@ public class AuthenticationFilter extends AbstractCasFilter {
             setRenew(getBoolean(ConfigurationKeys.RENEW));
             setGateway(getBoolean(ConfigurationKeys.GATEWAY));
             setMethod(getString(ConfigurationKeys.METHOD));
+            setInternalIp(getString(ConfigurationKeys.INTERNAL_IP));
 
             final String ignorePattern = getString(ConfigurationKeys.IGNORE_PATTERN);
             final String ignoreUrlPatternType = getString(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE);
@@ -169,6 +174,12 @@ public class AuthenticationFilter extends AbstractCasFilter {
         final HttpServletRequest request = (HttpServletRequest) servletRequest;
         final HttpServletResponse response = (HttpServletResponse) servletResponse;
 
+        if (isInternalRequest(request)) {
+            logger.debug("Request is ignored [internal].");
+            filterChain.doFilter(request, response);
+            return;
+        }
+
         if (isRequestUrlExcluded(request)) {
             logger.debug("Request is ignored.");
             filterChain.doFilter(request, response);
@@ -231,10 +242,24 @@ public class AuthenticationFilter extends AbstractCasFilter {
         this.casServerLoginUrl = casServerLoginUrl;
     }
 
+    public void setInternalIp(String internalIp) {
+        this.internalIp = internalIp;
+    }
+
     public final void setGatewayStorage(final GatewayResolver gatewayStorage) {
         this.gatewayStorage = gatewayStorage;
     }
 
+    private boolean isInternalRequest(final HttpServletRequest request) {
+        if (this.internalIp == null) {
+            return false;
+        }
+
+        String realIp = request.getHeader(X_REAL_IP);
+
+        return this.internalIp.equals(realIp);
+    }
+
     private boolean isRequestUrlExcluded(final HttpServletRequest request) {
         if (this.ignoreUrlPatternMatcherStrategyClass == null) {
             return false;

cas-client-core/src/main/java/org/jasig/cas/client/configuration/ConfigurationKeys.java

@@ -64,6 +64,7 @@ public interface ConfigurationKeys {
      */
     @Deprecated
     ConfigurationKey<Boolean> DISABLE_XML_SCHEMA_VALIDATION = new ConfigurationKey<Boolean>("disableXmlSchemaValidation", Boolean.FALSE);
+    ConfigurationKey<String> INTERNAL_IP = new ConfigurationKey<String>("internalIp", null);
     ConfigurationKey<String> IGNORE_PATTERN = new ConfigurationKey<String>("ignorePattern", null);
     ConfigurationKey<String> IGNORE_URL_PATTERN_TYPE = new ConfigurationKey<String>("ignoreUrlPatternType", "REGEX");
     ConfigurationKey<Class<? extends HostnameVerifier>> HOSTNAME_VERIFIER = new ConfigurationKey<Class<? extends HostnameVerifier>>("hostnameVerifier", null);

pom.xml

@@ -144,8 +144,8 @@
             </plugin>
 
             <plugin>
-                <groupId>com.mycila.maven-license-plugin</groupId>
-                <artifactId>maven-license-plugin</artifactId>
+                <groupId>com.mycila</groupId>
+                <artifactId>license-maven-plugin</artifactId>
                 <configuration>
                     <header>src/licensing/header.txt</header>
                     <skipExistingHeaders>true</skipExistingHeaders>