Returns the CAS_ProxyChain_AllowedList object for this client.
public getAllowedProxyChains ( ) : CAS_ProxyChain_AllowedList
리턴 | CAS_ProxyChain_AllowedList |
/**
 * Proxy validation must fail when the allowed chain lists valid regexps in
 * the wrong order.
 *
 * Exactly one chain is registered, made of two regexp entries. The CAS
 * response it is matched against is not built in this method, so the
 * "right" order is defined by the fixture, not here.
 * NOTE(review): the second pattern has no leading ^ and the first leaves the
 * dot in "anotherdomain.org" unescaped; harmless in a negative test, but not
 * a model for a production allow-list.
 *
 * @return void
 *
 * @expectedException CAS_AuthenticationException
 * @outputBuffering enabled
 */
public function testAllowedProxiesRegexpFailureWrongOrder()
{
    $this->object->setTicket('ST-123456-asdfasdfasgww2323radf3');

    $allowedChains = $this->object->getAllowedProxyChains();
    $wrongOrderChain = new CAS_ProxyChain(
        array(
            '/^https\\:\\/\\/anotherdomain.org\\/mysite\\/test2$/',
            '/http\\:\\/\\/firstproxy\\.com.*$/'
        )
    );
    $allowedChains->allowProxyChain($wrongOrderChain);

    // $url, $text_response and $tree_response are not assigned anywhere in
    // this method; presumably validateCAS20() takes them by reference and
    // fills them in (confirm against CAS_Client).
    $outcome = $this->object->validateCAS20($url, $text_response, $tree_response);

    // Only reached if validateCAS20() returns instead of raising the
    // exception announced by @expectedException.
    $this->assertFalse($outcome);
}
/**
 * Create the CAS 2.0 client for this application and choose where
 * proxy-granting tickets (PGTs) are stored.
 *
 * Storage is selected from configuration, in this order:
 *  1. 'pgtservice.enabled' is exactly true: ProxyTicketServiceStorage, with
 *     the callback URL taken from 'pgtservice.callback'.
 *  2. 'redis.hostname' is set: RedisTicketStorage on a new \Redis connection.
 *  3. otherwise: file storage under session_save_path().
 *
 * Security review notes (behaviour is unchanged by these comments):
 *  - CAS server certificate validation is switched off for every branch.
 *  - Every proxy chain is accepted (CAS_ProxyChain_Any).
 *  - Logout requests are handled only in the file-storage branch, and there
 *    without checking who sent them.
 *
 * @return \CAS_Client the configured client
 */
private function initializeCAS()
{
    // Second argument true: presumably phpCAS "proxy" mode; confirm against
    // the CAS_Client constructor of the installed phpCAS version.
    $client = new \CAS_Client(
        CAS_VERSION_2_0,
        true,
        Config::get('cas.hostname'),
        Config::get('cas.port'),
        Config::get('cas.context')
    );

    // NOTE(review): disables verification of the CAS server's TLS
    // certificate, so ticket-validation responses are not authenticated
    // against a trusted CA. Production deployments should pin the CA with
    // setCasServerCACert() instead.
    $client->setNoCasServerValidation();

    if (Config::get('pgtservice.enabled', false) === true) {
        $client->setCallbackURL(Config::get('pgtservice.callback'));
        $client->setPGTStorage(new ProxyTicketServiceStorage($client));
    } elseif (Config::get('redis.hostname', false) !== false) {
        $client->setCallbackURL($this->url->getURL() . '/callback.php');

        $redisHost = Config::get('redis.hostname');
        $redisPort = Config::get('redis.port', 6379);

        $store = new \Redis();
        // NOTE(review): the result of connect() is not checked and no auth()
        // call is visible here; confirm the Redis instance is reachable only
        // from trusted hosts.
        $store->connect($redisHost, $redisPort, 2, null, 100);

        // NOTE(review): SERIALIZER_PHP makes the extension unserialize()
        // whatever is read back, so anyone able to write to this Redis
        // keyspace controls data fed to PHP's unserializer.
        $store->setOption(\Redis::OPT_SERIALIZER, \Redis::SERIALIZER_PHP);

        $keyPrefix = Config::get('application.project_name') . ':PHPCAS_TICKET_STORAGE:';
        $store->setOption(\Redis::OPT_PREFIX, $keyPrefix);

        // NOTE(review): the database index is read from 'redis.hostname' and
        // cast to int, which looks like a copy/paste slip. The default of 2
        // is never used in this branch because the key is known to be set.
        // Confirm which configuration key was intended.
        $store->select((int) Config::get('redis.hostname', 2));

        $client->setPGTStorage(new RedisTicketStorage($client, $store));
    } else {
        $client->setCallbackURL($this->url->getURL() . '/callback.php');

        // PGTs are written as files next to the PHP session files; that
        // directory should be readable by the web server user only.
        $client->setPGTStorageFile(session_save_path());

        // Handle logout requests but do not validate the server
        // NOTE(review): passing false skips the check on the sender of the
        // logout request. The call only happens in this branch; confirm the
        // other two storage branches are meant to skip logout handling.
        $client->handleLogoutRequests(false);
    }

    // Accept all proxy chains
    // NOTE(review): CAS_ProxyChain_Any lets any service registered with the
    // CAS server proxy users to this application. Prefer explicit
    // CAS_ProxyChain entries for the proxies that are actually expected.
    $client->getAllowedProxyChains()->allowProxyChain(new \CAS_ProxyChain_Any());

    return $client;
}
/**
 * Register one proxy chain that is allowed to proxy this service.
 *
 * If you want your service to be proxied you have to enable it (default
 * disabled) and define an acceptable list of proxies that are allowed to
 * proxy your service.
 *
 * Add each allowed proxy definition object. For the normal CAS_ProxyChain
 * class, the constructor takes an array of proxies to match. The list is
 * given in reverse order, as seen from the service: proxies are listed from
 * the service back towards the user. If a user hits service A and gets
 * proxied via B to service C, the acceptable list on C would be array(B,A).
 * The definition of an individual proxy can be either a string or a regexp
 * (preg_match is used) that will be matched against the proxy list supplied
 * by the CAS server when validating the proxy tickets. The strings are
 * compared starting from the beginning and must fully match with the
 * proxies in the list.
 *
 * Because regexp entries go through preg_match, a pattern restricts only
 * what it anchors: start it with ^ and escape literal dots, otherwise it can
 * match inside an unrelated proxy URL.
 *
 * Example:
 *     phpCAS::allowProxyChain(new CAS_ProxyChain(array(
 *         'https://app.example.com/'
 *     )));
 *     phpCAS::allowProxyChain(new CAS_ProxyChain(array(
 *         '/^https:\/\/app[0-9]\.example\.com\/rest\//',
 *         'http://client.example.com/'
 *     )));
 *
 * For quick testing or in certain production scenarios you might want to
 * allow any other valid service to proxy your service. To do so, add the
 * "Any" chain:
 *     phpCAS::allowProxyChain(new CAS_ProxyChain_Any);
 * THIS SETTING IS HOWEVER NOT RECOMMENDED FOR PRODUCTION AND HAS SECURITY
 * IMPLICATIONS: YOU ARE ALLOWING ANY SERVICE TO ACT ON BEHALF OF A USER
 * ON THIS SERVICE.
 *
 * @param CAS_ProxyChain_Interface $proxy_chain A proxy-chain that will be
 * matched against the proxies requesting access
 *
 * @return void
 */
public static function allowProxyChain(CAS_ProxyChain_Interface $proxy_chain)
{
    phpCAS::traceBegin();
    phpCAS::_validateClientExists();

    $client = self::$_PHPCAS_CLIENT;

    // Proxy chains are only accepted for the CAS 2.0 and 3.0 protocols.
    $protocolSupported = $client->getServerVersion() === CAS_VERSION_2_0
        || $client->getServerVersion() === CAS_VERSION_3_0;
    if (!$protocolSupported) {
        // Whether phpCAS::error() returns is not visible here; if it does,
        // the chain is still registered below.
        phpCAS::error('this method can only be used with the cas 2.0/3.0 protocols');
    }

    $client->getAllowedProxyChains()->allowProxyChain($proxy_chain);
    phpCAS::traceEnd();
}