Changed the subject to an appropriate one

---------- Forwarded message ----------
From: Ram Mohan <ram.mo...@customerxps.com>
Date: Fri, Jun 19, 2009 at 12:16 AM
Subject: Re: [cas-dev] Need help in authenticating without using login UI
To: cas-dev@lists.jasig.org


Thanks, Andrew, for these pointers. They cleared up my concepts about CAS and how
they handle security.

I have a new problem. I implemented a basic Java RESTful client.
While trying to get the TGT, I am getting the following error:
java.lang.IllegalStateException: The Web form cannot be parsed as no fresh
content is available. If this entity has been already read once, caching of
the entity is required

I thought I could be trying to generate a TGT for a user who already has
an active TGT, but this wasn't the case.

I am attaching the log and also the Java client code. Can someone point out
where I am going wrong?

-Ram



On Mon, Jun 15, 2009 at 8:48 PM, Andrew Feller <afel...@lsu.edu> wrote:

>  You might also find the white papers on the actual URL protocols useful,
> too.
>
> http://www.jasig.org/cas/protocol
>
>
> On 6/15/09 10:10 AM, "Ram Mohan" <ram.mo...@customerxps.com> wrote:
>
> Thanks Andrew,
> I will go through them.
>
> -Ram
>
> On Mon, Jun 15, 2009 at 7:47 PM, Andrew Feller <afel...@lsu.edu> wrote:
>
> Ram,
>
> Two things:
>
> 1. I think you should spend some time reading about the CAS architecture so
> you know how it works.
>
>     CAS 1 architecture: http://www.jasig.org/cas/cas1-architecture
>     CAS 2 architecture: http://www.jasig.org/cas/cas2-architecture
>     Proxy authentication: http://www.jasig.org/cas/proxy-authentication
>
>     The TGT is some information granted by the CAS server and retained by
> the user as proof the user logged in.
>     The ST is some information granted by the CAS server, passed along by
> the user, and verified by CAS client protecting application to ensure user
> logged in.
>
> 2. Check out the RESTful API
>
>     RESTful API: http://www.ja-sig.org/wiki/display/CASUM/RESTful+API
>
> HTH,
> A-
>
>
> On 6/15/09 8:51 AM, "Ram Mohan" <ram.mo...@customerxps.com> wrote:
>
> Hi,
>
> I am a newbie to CAS and security. In my case, CAS Server 3.3.2 + Acegi CAS
> Client is used for authentication.
> I took up a task of providing an API for username/password authentication, i.e.,
> MyClass.authenticate(Credentials credentials).
> I think I don't even need to generate a Service Ticket. The TGT cookie is
> enough.
>
> For me, it simply looks like authentication without the login UI and
> sending the credentials as parameters in the request.
> Am I going in the right direction? Also, I think an application of this sort
> would already have been implemented as this is a common scenario. Any
> pointers in this regard would be very helpful.
>
> Thanks in advance,
> Ram
>
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400
>
>  --
> You are currently subscribed to cas-dev@lists.jasig.org as: 
> ram.mo...@customerxps.com
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
>

2009-06-19 00:05:37,993 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Creating instance of bean 'ticketResource'>
2009-06-19 00:05:37,994 DEBUG 
[org.springframework.beans.factory.annotation.InjectionMetadata] - <Processing 
injected field of bean 'ticketResource': AutowiredFieldElement for private 
org.jasig.cas.CentralAuthenticationService 
org.jasig.cas.integration.restlet.TicketResource.centralAuthenticationService>
2009-06-19 00:05:37,994 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Returning cached instance of singleton bean 'centralAuthenticationService'>
2009-06-19 00:05:37,994 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Finished creating instance of bean 'ticketResource'>
2009-06-19 00:05:37,994 DEBUG 
[org.jasig.cas.integration.restlet.TicketResource] - <Obtaining credentials...>
2009-06-19 00:05:37,994 DEBUG 
[com.noelios.restlet.ext.spring.RestletFrameworkServlet] - <Could not complete 
request>
java.lang.IllegalStateException: The Web form cannot be parsed as no fresh 
content is available. If this entity has been already read once, caching of the 
entity is required
        at com.noelios.restlet.util.FormUtils.parse(FormUtils.java:95)
        at com.noelios.restlet.Engine.parse(Engine.java:975)
        at org.restlet.data.Form.<init>(Form.java:74)
        at org.restlet.data.Form.<init>(Form.java:119)
        at org.restlet.data.Message.getEntityAsForm(Message.java:179)
        at 
org.jasig.cas.integration.restlet.TicketResource.acceptRepresentation(TicketResource.java:56)
        at org.restlet.resource.Resource.post(Resource.java:678)
        at org.restlet.resource.Resource.handlePost(Resource.java:527)
        at org.restlet.Finder.handle(Finder.java:344)
        at org.restlet.Filter.doHandle(Filter.java:137)
        at org.restlet.Filter.handle(Filter.java:180)
        at org.restlet.Router.handle(Router.java:471)
        at 
com.noelios.restlet.ext.servlet.ServletConverter.service(ServletConverter.java:130)
        at 
com.noelios.restlet.ext.spring.RestletFrameworkServlet.doService(RestletFrameworkServlet.java:92)
        at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
        at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
        at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
2009-06-19 00:05:37,995 DEBUG 
[org.springframework.web.context.support.XmlWebApplicationContext] - 
<Publishing event in context 
[org.springframework.web.context.support.xmlwebapplicationcont...@1abbec4]: 
ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/]; 
client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; 
user=[null]; time=[3ms]; status=[failed: java.lang.IllegalStateException: The 
Web form cannot be parsed as no fresh content is available. If this entity has 
been already read once, caching of the entity is required]>
2009-06-19 00:05:37,995 DEBUG 
[org.springframework.web.context.support.XmlWebApplicationContext] - 
<Publishing event in context 
[org.springframework.web.context.support.xmlwebapplicationcont...@1cbda0a]: 
ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/]; 
client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; 
user=[null]; time=[3ms]; status=[failed: java.lang.IllegalStateException: The 
Web form cannot be parsed as no fresh content is available. If this entity has 
been already read once, caching of the entity is required]>
2009-06-19 00:05:38,026 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Creating instance of bean 'ticketGrantingTicketResource'>
2009-06-19 00:05:38,027 DEBUG 
[org.springframework.beans.factory.annotation.InjectionMetadata] - <Processing 
injected field of bean 'ticketGrantingTicketResource': AutowiredFieldElement 
for private org.jasig.cas.CentralAuthenticationService 
org.jasig.cas.integration.restlet.TicketGrantingTicketResource.centralAuthenticationService>
2009-06-19 00:05:38,027 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Returning cached instance of singleton bean 'centralAuthenticationService'>
2009-06-19 00:05:38,027 DEBUG 
[org.springframework.beans.factory.support.DefaultListableBeanFactory] - 
<Finished creating instance of bean 'ticketGrantingTicketResource'>
2009-06-19 00:05:38,027 DEBUG 
[org.jasig.cas.ticket.registry.DefaultTicketRegistry] - <Attempting to retrieve 
ticket [null]>
2009-06-19 00:05:38,027 ERROR 
[org.jasig.cas.integration.restlet.TicketGrantingTicketResource] - 
<org.jasig.cas.ticket.InvalidTicketException>
org.jasig.cas.ticket.InvalidTicketException
        at 
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:177)
        at 
org.jasig.cas.CentralAuthenticationServiceImpl.grantServiceTicket(CentralAuthenticationServiceImpl.java:245)
        at 
org.jasig.cas.integration.restlet.TicketGrantingTicketResource.acceptRepresentation(TicketGrantingTicketResource.java:67)
        at org.restlet.resource.Resource.post(Resource.java:678)
        at org.restlet.resource.Resource.handlePost(Resource.java:527)
        at org.restlet.Finder.handle(Finder.java:344)
        at org.restlet.Filter.doHandle(Filter.java:137)
        at org.restlet.Filter.handle(Filter.java:180)
        at org.restlet.Router.handle(Router.java:471)
        at 
com.noelios.restlet.ext.servlet.ServletConverter.service(ServletConverter.java:130)
        at 
com.noelios.restlet.ext.spring.RestletFrameworkServlet.doService(RestletFrameworkServlet.java:92)
        at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
        at 
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:511)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
        at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
        at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
        at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at 
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)
2009-06-19 00:05:38,028 DEBUG 
[com.noelios.restlet.ext.spring.RestletFrameworkServlet] - <Successfully 
completed request>
2009-06-19 00:05:38,028 DEBUG 
[org.springframework.web.context.support.XmlWebApplicationContext] - 
<Publishing event in context 
[org.springframework.web.context.support.xmlwebapplicationcont...@1abbec4]: 
ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/null]; 
client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; 
user=[null]; time=[2ms]; status=[OK]>
2009-06-19 00:05:38,028 DEBUG 
[org.springframework.web.context.support.XmlWebApplicationContext] - 
<Publishing event in context 
[org.springframework.web.context.support.xmlwebapplicationcont...@1cbda0a]: 
ServletRequestHandledEvent: url=[//cas-server-webapp-3.3/v1/tickets/null]; 
client=[127.0.0.1]; method=[POST]; servlet=[restlet]; session=[null]; 
user=[null]; time=[2ms]; status=[OK]>

package com.cxps.authenticator;

import java.io.IOException;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpException;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.methods.PostMethod;


public class Authenticator {

	public final String CAS_CONTEXT = "cas-server-webapp-3.3";
	public final String RESTLET_SERVLET = "/v1/tickets/";
	
    private static HttpClient client = null;
	private static PostMethod method = null;

	public Authenticator(){
		client = new HttpClient();
	}
	
	public String getTGTString(String CASServiceURL, String username, String password){
		String TGTString = null;
		int returnCode;
		
		CASServiceURL = CASServiceURL + "/"+ CAS_CONTEXT + RESTLET_SERVLET;
		
		PostMethod method = new PostMethod(CASServiceURL);
		//method.addParameter("username", username);
		//method.addParameter("password",password);
		method.addRequestHeader("Content-type", "application/x-www-form-urlencoded");
		method.addRequestHeader("Accept", "text/plain");
		
		try {
			returnCode = client.executeMethod(method);

			if (returnCode == HttpStatus.SC_NOT_IMPLEMENTED) {
                System.err.println("The Post method is not implemented by this URI");
            } else {
            	
            	System.out.println("Return Code of the Post Method: "+ returnCode);
            	System.out.println(method.getResponseBodyAsString());
            	//String location = method.getResponseHeader("location").toString();
            	//TGTString = location.substring(location.lastIndexOf('/')+1);
            	System.out.println("The TGTString obtained is"+TGTString);
            }
			
		} catch (HttpException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} finally {
			method.releaseConnection();
		}
		
		
		return TGTString;
	}
	
	public String getServiceTicket(String CASServiceURL, String TGT, String service){
		String ServiceTicket = null;
		int returnCode;

		CASServiceURL = CASServiceURL + "/"+ CAS_CONTEXT + RESTLET_SERVLET + TGT;
		
		PostMethod method = new PostMethod(CASServiceURL);
		method.addParameter("service", service);
		method.addRequestHeader("Content-type", "application/x-www-form-urlencoded");
		method.addRequestHeader("Accept", "text/plain");

		try {
			returnCode = client.executeMethod(method);

			if (returnCode == HttpStatus.SC_NOT_IMPLEMENTED) {
                System.err.println("The Post method is not implemented by this URI");
            } else {
            	System.out.println("Return Code of the Post Method: "+ returnCode);
            	ServiceTicket = method.getResponseBodyAsString();
            	System.out.println("The ST String obtained is: "+ ServiceTicket);
            }
			
		} catch (HttpException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} catch (IOException e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		} finally {
			method.releaseConnection();
		}		
		return ServiceTicket;
	}

	public static void main(String[] args){
		
		Authenticator auth = new Authenticator();
		String TGT = auth.getTGTString("https://localhost:8443/", "victor", "victor123$");
		System.out.println("TGT string is "+ TGT);
		String ST = auth.getServiceTicket("https://localhost:8443/", TGT, "http://localhost:5000/Seer-Gab/noesis-process");
		System.out.println("ServiceTicket is "+ ST);
		
	}
}
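
Added example, not part of the original post or of the CAS project's code: the posted client has both `addParameter` calls for the credentials commented out, so the POST to `/v1/tickets/` carries no form body, which is consistent with the "no fresh content" exception in the log, and the second request then goes to `/v1/tickets/null`. The sketch below sends the credentials in the form body, reads the TGT from the `Location` header, and refuses to request an ST without a TGT. It assumes commons-httpclient 3.x and the RESTful API behaviour documented on the page Andrew linked (201 with `Location` for the TGT, 200 with the ST as body); the class name `CasRestClient` is hypothetical.

```java
import java.io.IOException;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.methods.PostMethod;

// Added example (hypothetical class name); targets commons-httpclient 3.x.
public class CasRestClient {
    private final HttpClient client = new HttpClient();
    private final String ticketsUrl; // e.g. https://host:8443/cas-server-webapp-3.3/v1/tickets

    public CasRestClient(String ticketsUrl) {
        // Strip trailing slashes so concatenation never produces "//" in the path.
        this.ticketsUrl = ticketsUrl.replaceAll("/+$", "");
    }

    /** POST the credentials as the form body; the TGT id is the last segment of Location. */
    public String requestTgt(String username, String password) throws IOException {
        PostMethod post = new PostMethod(ticketsUrl);
        post.addParameter("username", username); // parameters become the urlencoded body
        post.addParameter("password", password);
        try {
            int status = client.executeMethod(post);
            Header location = post.getResponseHeader("Location");
            if (status != HttpStatus.SC_CREATED || location == null) {
                throw new IOException("TGT request rejected, HTTP status " + status);
            }
            String value = location.getValue(); // header value only, not "Location: ..."
            return value.substring(value.lastIndexOf('/') + 1);
        } finally {
            post.releaseConnection();
        }
    }

    /** POST the service URL to the TGT resource; the response body is the ST. */
    public String requestServiceTicket(String tgt, String service) throws IOException {
        if (tgt == null || !tgt.startsWith("TGT-")) {
            throw new IllegalArgumentException("no valid TGT; not calling /v1/tickets/null");
        }
        PostMethod post = new PostMethod(ticketsUrl + "/" + tgt);
        post.addParameter("service", service);
        try {
            int status = client.executeMethod(post);
            if (status != HttpStatus.SC_OK) {
                throw new IOException("ST request rejected, HTTP status " + status);
            }
            return post.getResponseBodyAsString().trim();
        } finally {
            post.releaseConnection();
        }
    }
}
```

Callers should take the password from user input or a secret store rather than a string literal, and should treat the returned TGT like a session credential: keep it out of logs and console output.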
