Coded this change. Here's the change in one commit:
https://github.com/apetro/cas/commit/e5758d2320f2a3006fc3c4130f05eac0deebaa11 And here's the topic branch: https://github.com/apetro/cas/tree/feature-auto-register-services-management Needs unit test, and mangled whitespace on the change to CASImpl. Nonetheless, I think the above commit is communicative. My solution is to 1) Add a RegisteredService dependency to CASImpl wiring in the fallback registration for the Services Management application. Since that registration is wired in Spring, it can get the configured service identifier from cas.properties via the existing PropertyPlaceholderConfigurer. 2) Detect the case where an attempt to get or validate a ST is being denied for reason of lack of registration of the services management application, and automatically register it just in time. I like that this is minimally active, in that it doesn't touch the registration data unless it's actually a problem. Got a catch-all registration that covers the services management app? Great, CAS won't add a needless registration. Not using the services management UI at all? Great, then the add is never triggered. Only triggered just-in-time when an attempt to CAS authenticate to the services registry would otherwise be denied. I'm not sure I like cluttering CASImpl with this junk. Maybe push it down into DefaultServicesManagerImpl? Anyway, how do folks feel about this? Worth a JIRA and scoping into services registry enhancements for 3.5? Not? I'm pretty tired of troubleshooting lockouts from the services registry, services registry URL changing when CAS is migrated from one host to another, etc. I think CAS detecting this edge case and just doing the right thing would make it friendlier. On 11/03/2011 12:42 PM, Andrew Petro wrote: > Developers, > > 1) Wrote this blog post about blunt instrument response to being > locked out of services management application when using JPA services > registry. > > http://www.unicon.net/blog/apetro/disable_cas_services_registry_authentication > > > > 2) It seems like the services registry could always consider the > services management application authorized to use CAS for > authentication. The identifier for this application is available in > cas.properties. Would it make things better or worse for the services > registry (Or CASImpl in front of it) to be aware of and exceptionally > treat as permitted to use CAS regardless of registration the services > management application URL as configured in properties? > > It's annoying complexity to add, but it also seems to invite Catch-22s > to have the mechanism for administrative registration of services > itself have to be registered via that administrative mechanism. > > Andrew > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
