Hmm... ..looks really like "Security through obscurity" :(( Guys - how many peoples use CAS worldwide? looks like nobody?
SRC: https://mvnrepository.com/artifact/org.apereo.cas/cas-server-webapp Am Freitag, 31. August 2018 13:05:02 UTC+2 schrieb 党田力: > > I had test on 5.2.6 adn 5.2.7 version > Only append `cas-server-support-json-service-registry` to pom.xml, the ' > cas.serviceRegistry.initFromJson=true' is worked. > Only append `cas-server-support-jpa-service-registry` to pom.xml, the > database is worked. > But I append both them, the services defined in json is not loaded. > > On 5.1.9 version works. > > > 在 2018年5月15日星期二 UTC+8下午8:15:55,David Curry写道: >> >> Lionel and Jann, >> >> Did you ever have the JSON service registry working? If not, I recommend >> that you take all the JPA stuff out of pom.xml and cas.properties and get >> that working correctly first, so that you're only trying to debug one thing >> at a time. Once you have the JSON service registry working correctly, for >> both the main server and the management webapp, then it's time to move >> things to JPA. >> >> The basic steps for moving to JPA *should* be this: >> >> 1. REMOVE the "cas-server-support-json-service-registry" dependency from >> pom.xml (server and management webapp) >> >> 2. Add the "cas-server-support-jpa-service-registry" dependency and >> whatever other dependencies go with it to pom.xml (server and management >> webapp) >> >> 3. Rebuild the server and management webapp >> >> 4. In the server's cas.properties file, include BOTH of these lines: >> >> cas.serviceRegistry.json.location: file:/etc/cas/services >> cas.serviceRegistry.initFromJson: true >> >> >> The first line should already be there (since before you start these >> steps you're using the JSON service registry), but you must add the second >> line. >> >> 5. Add all the lines you need to configure the JPA service registry to >> the server's cas.properties file. >> >> 6. Start the CAS server (do not start the management webapp). You should >> see it load the services from the JSON files (again, this should already be >> working before you start) and then it will magically save them into the JPA >> registry. >> >> 7. Shut the server down. >> >> 8. Check the database to see that the services actually got loaded there. >> If not, this is where you need to start debugging. And the first step of >> that would be setting the log level to "debug" in log4j2.xml, and adding >> whatever Logger configuration you need to make the Oracle JDBC library log >> for you as well. >> >> Once you've got the services loaded into the database.... >> >> 9. Remove the "cas.serviceRegistry.json.location" and >> "cas.serviceRegistry.initFromJson" properties from the server's >> cas.properties file. >> >> 10. Remove the "cas.serviceRegistry.json.location" property from, and add >> all the JPA properties to, the management webapp's management.properties >> file. >> >> At least, that's the procedure I followed to get the MongoDB service >> registry working (see >> https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html). >> >> I've not used the JPA stuff at all, so no guarantees, but I don't see why >> it should be any different. >> >> --Dave >> >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 212 229-5300 x4728 • david.cu...@newschool.edu >> >> [image: The New School] >> >> On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel <lionel....@gmail.com> >> wrote: >> >>> Changing in "cas.properties" >>> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to >>> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services' >>> >>> The above does not generate an error message --- is that a sign it's not >>> loaded? >>> >>> >>> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote: >>>> >>>> I'm working with Jann -- attached is our pom file (we call the jar >>>> my-cas -- which is reflected in the URLs). >>>> >>>> It does not look like the JSON file is loaded -- I don't think it's pom >>>> related --- but at the moment we are both stumped so anything goes. >>>> >>>> 2018-05-14 20:23:17,715 WARN >>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>> service >>>> is found to match >>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@330c1ecf[id= >>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>> >>>> or service access is disallowed. Using default theme [cas-theme-default]> >>>> >>>> On Monday, May 14, 2018 at 5:42:35 PM UTC-7, Jann Malenkoff wrote: >>>>> >>>>> >>>>> Attached is my 'cas.properties' file --- in case I may be missing >>>>> something there (very likely) >>>>> >>>>> >>>>> On Monday, May 14, 2018 at 5:09:12 PM UTC-7, Jann Malenkoff wrote: >>>>>> >>>>>> I had a minor Eureka moment --- but it came to fraught (partially). >>>>>> >>>>>> I has a typo in the 'cas.properties' file: >>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service >>>>>> >>>>>> i,e, 'service' instead of 'services' --- corrected now (validated >>>>>> that the json files are in '/etc/cas/services'). >>>>>> >>>>>> But still no-go.......any ideas will be matched by the maximum Karma >>>>>> I can provide. >>>>>> >>>>>> On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote: >>>>>>> >>>>>>> I'm on 5.2.4 --- I had earlier the 5.1 (i.e. >>>>>>> cas.serviceRegistry.config.location) >>>>>>> in 'cas.properties'--- now, updated to below (the 5.2.x version) >>>>>>> >>>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service >>>>>>> cas.serviceRegistry.initFromJson=true >>>>>>> >>>>>>> Still getting error below: >>>>>>> >>>>>>> 2018-05-14 16:11:41,016 WARN >>>>>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>>>>> service >>>>>>> is found to match >>>>>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@3f670479[id= >>>>>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>>>>> >>>>>>> or service access is disallowed. Using default theme >>>>>>> [cas-theme-default]> >>>>>>> >>>>>>> Json file: >>>>>>> >>>>>>> { >>>>>>> "@class" : >>>>>>> "org.apereo.cas.services.RegexRegisteredService", >>>>>>> "serviceId" : "^(http)://.*", >>>>>>> "name" : "HTTP wildcard", >>>>>>> "id" : 20170905111650, >>>>>>> "evaluationOrder" : 99999 >>>>>>> } >>>>>>> >>>>>>> Have I missed anything else? Could there be something else in the >>>>>>> logs that can give a clue (I have been hunting but may be missing it)? >>>>>>> >>>>>>> On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote: >>>>>>>> >>>>>>>> >>>>>>>> where are these pointing to: >>>>>>>> >>>>>>>> cas.serviceRegistry.json.location for 5.2.x >>>>>>>> or >>>>>>>> cas.serviceRegistry.config.location for 5.1.x >>>>>>>> >>>>>>>> 2018-05-14 19:41 GMT-03:00 Jann Malenkoff <jannma...@gmail.com>: >>>>>>>> >>>>>>>>> FYI --- the following appears in 'catalina.out' when attempting to >>>>>>>>> access 'http://localhost:8080/cas-management/manage.html,'. >>>>>>>>> >>>>>>>>> 2018-05-14 15:39:09,152 WARN >>>>>>>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>>>>>>> service >>>>>>>>> is found to match >>>>>>>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id= >>>>>>>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>>>>>>> >>>>>>>>> or service access is disallowed. Using default theme >>>>>>>>> [cas-theme-default]> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote: >>>>>>>>>> >>>>>>>>>> Hi Richard: >>>>>>>>>> >>>>>>>>>> I have the following in 'cas.properties': >>>>>>>>>> >>>>>>>>>> cas.serviceRegistry.initFromJson=true >>>>>>>>>> >>>>>>>>>> Is that correct to enable the first read from JSON? I have been >>>>>>>>>> staring at the screen for so long and begining to doubt myself w.r.t >>>>>>>>>> true/false flags. >>>>>>>>>> >>>>>>>>>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp >>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Do you have initialization on from JSON? Not sure if it will use >>>>>>>>>>> your file or just the defaults. Either way, it should get you into >>>>>>>>>>> the >>>>>>>>>>> manager. Then you configure the manager service, and turn that >>>>>>>>>>> property off. >>>>>>>>>>> >>>>>>>>>>> # Auto-initialize the registry from default JSON service definitions >>>>>>>>>>> # cas.serviceRegistry.initFromJson=false >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote: >>>>>>>>>>> >>>>>>>>>>> Hi All: >>>>>>>>>>> >>>>>>>>>>> I'm trying to get the ' >>>>>>>>>>> http://localhost:8080/cas-management/manage.html' loaded up --- >>>>>>>>>>> but hitting the error message: >>>>>>>>>>> ' >>>>>>>>>>> Application Not Authorized to Use CAS >>>>>>>>>>> >>>>>>>>>>> The services registry of CAS is empty and has no service >>>>>>>>>>> definitions. Applications that wish to authenticate with CAS must >>>>>>>>>>> explicitly be defined in the services registry.' >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I am hoping to have a JPA service registry --- and have >>>>>>>>>>> configured the dependencies below in the 'cas-overlay-template' >>>>>>>>>>> pom.xml. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> To enable the access to ' >>>>>>>>>>> http://localhost:8080/cas-management/manage.html, I have added >>>>>>>>>>> the JASON entry as below --- but do not see it in the database >>>>>>>>>>> table >>>>>>>>>>> REGEXREGISTEREDSERVICE (I have cas.serviceRegistry.config.location: >>>>>>>>>>> >>>>>>>>>>> file:/etc/cas/services in 'cas.properties). >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> What could I have missed (or more likely misunderstood)? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *JSON File in /etc/cas/services (copied -- slightly adjusted -- >>>>>>>>>>> from an earlier post):* >>>>>>>>>>> >>>>>>>>>>> { >>>>>>>>>>> /* >>>>>>>>>>> * Wildcard service definition that applies to any https or >>>>>>>>>>> imaps url. >>>>>>>>>>> * Do not use this definition in a production environment. >>>>>>>>>>> */ >>>>>>>>>>> "@class" : >>>>>>>>>>> "org.apereo.cas.services.RegexRegisteredService", >>>>>>>>>>> "serviceId" : "^(http)://.*", >>>>>>>>>>> "name" : "HTTP wildcard", >>>>>>>>>>> "id" : 20180514, >>>>>>>>>>> "evaluationOrder" : 99999 >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *pom.xml -- for cas-overlay-template* >>>>>>>>>>> >>>>>>>>>>> <dependencies> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> <type>war</type> >>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-json-service-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jpa-service-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jpa-ticket-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jdbc-drivers</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>com.oracle</groupId> >>>>>>>>>>> <artifactId>ojdbc7.jar</artifactId> >>>>>>>>>>> <version>12.1.0.1</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-duo</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-events-jpa</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> </dependencies> >>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to cas-user+u...@apereo.org. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org >>>>>>>>>>> >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "CAS Community" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to cas-user+u...@apereo.org. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f1dfe783-d3b4-413d-ac25-0b7e7a722247%40apereo.org >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f1dfe783-d3b4-413d-ac25-0b7e7a722247%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> >>>>>>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas-user+u...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9789e0c-c236-4089-a30d-d1da6d95e3ce%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9789e0c-c236-4089-a30d-d1da6d95e3ce%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fea1cfc1-8286-4bbb-9556-f750a6dc48b9%40apereo.org.
