Hmm... ..looks really like "Security through obscurity" :(( Guys - how many peoples use CAS worldwide? looks like nobody?
SRC: https://mvnrepository.com/artifact/org.apereo.cas/cas-server-webapp Am Freitag, 31. August 2018 13:05:02 UTC+2 schrieb 党田力: > > I had test on 5.2.6 adn 5.2.7 version > Only append `cas-server-support-json-service-registry` to pom.xml, the ' > cas.serviceRegistry.initFromJson=true' is worked. > Only append `cas-server-support-jpa-service-registry` to pom.xml, the > database is worked. > But I append both them, the services defined in json is not loaded. > > On 5.1.9 version works. > > > 在 2018年5月15日星期二 UTC+8下午8:15:55,David Curry写道: >> >> Lionel and Jann, >> >> Did you ever have the JSON service registry working? If not, I recommend >> that you take all the JPA stuff out of pom.xml and cas.properties and get >> that working correctly first, so that you're only trying to debug one thing >> at a time. Once you have the JSON service registry working correctly, for >> both the main server and the management webapp, then it's time to move >> things to JPA. >> >> The basic steps for moving to JPA *should* be this: >> >> 1. REMOVE the "cas-server-support-json-service-registry" dependency from >> pom.xml (server and management webapp) >> >> 2. Add the "cas-server-support-jpa-service-registry" dependency and >> whatever other dependencies go with it to pom.xml (server and management >> webapp) >> >> 3. Rebuild the server and management webapp >> >> 4. In the server's cas.properties file, include BOTH of these lines: >> >> cas.serviceRegistry.json.location: file:/etc/cas/services >> cas.serviceRegistry.initFromJson: true >> >> >> The first line should already be there (since before you start these >> steps you're using the JSON service registry), but you must add the second >> line. >> >> 5. Add all the lines you need to configure the JPA service registry to >> the server's cas.properties file. >> >> 6. Start the CAS server (do not start the management webapp). You should >> see it load the services from the JSON files (again, this should already be >> working before you start) and then it will magically save them into the JPA >> registry. >> >> 7. Shut the server down. >> >> 8. Check the database to see that the services actually got loaded there. >> If not, this is where you need to start debugging. And the first step of >> that would be setting the log level to "debug" in log4j2.xml, and adding >> whatever Logger configuration you need to make the Oracle JDBC library log >> for you as well. >> >> Once you've got the services loaded into the database.... >> >> 9. Remove the "cas.serviceRegistry.json.location" and >> "cas.serviceRegistry.initFromJson" properties from the server's >> cas.properties file. >> >> 10. Remove the "cas.serviceRegistry.json.location" property from, and add >> all the JPA properties to, the management webapp's management.properties >> file. >> >> At least, that's the procedure I followed to get the MongoDB service >> registry working (see >> https://dacurry-tns.github.io/deploying-apereo-cas/high-avail_service-registry_overview.html). >> >> I've not used the JPA stuff at all, so no guarantees, but I don't see why >> it should be any different. >> >> --Dave >> >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR OF INFORMATION SECURITY* >> INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 212 229-5300 x4728 • [email protected] >> >> [image: The New School] >> >> On Tue, May 15, 2018 at 12:14 AM, Lionel Samuel <[email protected]> >> wrote: >> >>> Changing in "cas.properties" >>> 'cas.serviceRegistry.json.location:file:/etc/cas/services' to >>> 'cas.serviceRegistry.json.location:foobar:/etc/cas/services' >>> >>> The above does not generate an error message --- is that a sign it's not >>> loaded? >>> >>> >>> On Monday, May 14, 2018 at 8:25:37 PM UTC-7, Lionel Samuel wrote: >>>> >>>> I'm working with Jann -- attached is our pom file (we call the jar >>>> my-cas -- which is reflected in the URLs). >>>> >>>> It does not look like the JSON file is loaded -- I don't think it's pom >>>> related --- but at the moment we are both stumped so anything goes. >>>> >>>> 2018-05-14 20:23:17,715 WARN >>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>> service >>>> is found to match >>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@330c1ecf[id= >>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>> >>>> or service access is disallowed. Using default theme [cas-theme-default]> >>>> >>>> On Monday, May 14, 2018 at 5:42:35 PM UTC-7, Jann Malenkoff wrote: >>>>> >>>>> >>>>> Attached is my 'cas.properties' file --- in case I may be missing >>>>> something there (very likely) >>>>> >>>>> >>>>> On Monday, May 14, 2018 at 5:09:12 PM UTC-7, Jann Malenkoff wrote: >>>>>> >>>>>> I had a minor Eureka moment --- but it came to fraught (partially). >>>>>> >>>>>> I has a typo in the 'cas.properties' file: >>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service >>>>>> >>>>>> i,e, 'service' instead of 'services' --- corrected now (validated >>>>>> that the json files are in '/etc/cas/services'). >>>>>> >>>>>> But still no-go.......any ideas will be matched by the maximum Karma >>>>>> I can provide. >>>>>> >>>>>> On Monday, May 14, 2018 at 4:16:39 PM UTC-7, Jann Malenkoff wrote: >>>>>>> >>>>>>> I'm on 5.2.4 --- I had earlier the 5.1 (i.e. >>>>>>> cas.serviceRegistry.config.location) >>>>>>> in 'cas.properties'--- now, updated to below (the 5.2.x version) >>>>>>> >>>>>>> cas.serviceRegistry.json.location:file:/etc/cas/service >>>>>>> cas.serviceRegistry.initFromJson=true >>>>>>> >>>>>>> Still getting error below: >>>>>>> >>>>>>> 2018-05-14 16:11:41,016 WARN >>>>>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>>>>> service >>>>>>> is found to match >>>>>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@3f670479[id= >>>>>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://locahost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>>>>> >>>>>>> or service access is disallowed. Using default theme >>>>>>> [cas-theme-default]> >>>>>>> >>>>>>> Json file: >>>>>>> >>>>>>> { >>>>>>> "@class" : >>>>>>> "org.apereo.cas.services.RegexRegisteredService", >>>>>>> "serviceId" : "^(http)://.*", >>>>>>> "name" : "HTTP wildcard", >>>>>>> "id" : 20170905111650, >>>>>>> "evaluationOrder" : 99999 >>>>>>> } >>>>>>> >>>>>>> Have I missed anything else? Could there be something else in the >>>>>>> logs that can give a clue (I have been hunting but may be missing it)? >>>>>>> >>>>>>> On Monday, May 14, 2018 at 3:47:36 PM UTC-7, Manfredo Hopp wrote: >>>>>>>> >>>>>>>> >>>>>>>> where are these pointing to: >>>>>>>> >>>>>>>> cas.serviceRegistry.json.location for 5.2.x >>>>>>>> or >>>>>>>> cas.serviceRegistry.config.location for 5.1.x >>>>>>>> >>>>>>>> 2018-05-14 19:41 GMT-03:00 Jann Malenkoff <[email protected]>: >>>>>>>> >>>>>>>>> FYI --- the following appears in 'catalina.out' when attempting to >>>>>>>>> access 'http://localhost:8080/cas-management/manage.html,'. >>>>>>>>> >>>>>>>>> 2018-05-14 15:39:09,152 WARN >>>>>>>>> [org.apereo.cas.services.web.ServiceThemeResolver] - <No registered >>>>>>>>> service >>>>>>>>> is found to match >>>>>>>>> [org.apereo.cas.authentication.principal.SimpleWebApplicationServiceImpl@13eed7a6[id= >>>>>>>>> http://localhost:8080/cas-management/manage.html,originalUrl=http://localhost:8080/cas-management/manage.html,artifactId=<null>,principal=<null>,loggedOutAlready=false,format=XML]] >>>>>>>>> >>>>>>>>> or service access is disallowed. Using default theme >>>>>>>>> [cas-theme-default]> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Monday, May 14, 2018 at 3:37:31 PM UTC-7, Jann Malenkoff wrote: >>>>>>>>>> >>>>>>>>>> Hi Richard: >>>>>>>>>> >>>>>>>>>> I have the following in 'cas.properties': >>>>>>>>>> >>>>>>>>>> cas.serviceRegistry.initFromJson=true >>>>>>>>>> >>>>>>>>>> Is that correct to enable the first read from JSON? I have been >>>>>>>>>> staring at the screen for so long and begining to doubt myself w.r.t >>>>>>>>>> true/false flags. >>>>>>>>>> >>>>>>>>>> On Monday, May 14, 2018 at 3:30:38 PM UTC-7, richard.frovarp >>>>>>>>>> wrote: >>>>>>>>>>> >>>>>>>>>>> Do you have initialization on from JSON? Not sure if it will use >>>>>>>>>>> your file or just the defaults. Either way, it should get you into >>>>>>>>>>> the >>>>>>>>>>> manager. Then you configure the manager service, and turn that >>>>>>>>>>> property off. >>>>>>>>>>> >>>>>>>>>>> # Auto-initialize the registry from default JSON service definitions >>>>>>>>>>> # cas.serviceRegistry.initFromJson=false >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On 05/14/2018 05:13 PM, Jann Malenkoff wrote: >>>>>>>>>>> >>>>>>>>>>> Hi All: >>>>>>>>>>> >>>>>>>>>>> I'm trying to get the ' >>>>>>>>>>> http://localhost:8080/cas-management/manage.html' loaded up --- >>>>>>>>>>> but hitting the error message: >>>>>>>>>>> ' >>>>>>>>>>> Application Not Authorized to Use CAS >>>>>>>>>>> >>>>>>>>>>> The services registry of CAS is empty and has no service >>>>>>>>>>> definitions. Applications that wish to authenticate with CAS must >>>>>>>>>>> explicitly be defined in the services registry.' >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> I am hoping to have a JPA service registry --- and have >>>>>>>>>>> configured the dependencies below in the 'cas-overlay-template' >>>>>>>>>>> pom.xml. >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> To enable the access to ' >>>>>>>>>>> http://localhost:8080/cas-management/manage.html, I have added >>>>>>>>>>> the JASON entry as below --- but do not see it in the database >>>>>>>>>>> table >>>>>>>>>>> REGEXREGISTEREDSERVICE (I have cas.serviceRegistry.config.location: >>>>>>>>>>> >>>>>>>>>>> file:/etc/cas/services in 'cas.properties). >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> What could I have missed (or more likely misunderstood)? >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *JSON File in /etc/cas/services (copied -- slightly adjusted -- >>>>>>>>>>> from an earlier post):* >>>>>>>>>>> >>>>>>>>>>> { >>>>>>>>>>> /* >>>>>>>>>>> * Wildcard service definition that applies to any https or >>>>>>>>>>> imaps url. >>>>>>>>>>> * Do not use this definition in a production environment. >>>>>>>>>>> */ >>>>>>>>>>> "@class" : >>>>>>>>>>> "org.apereo.cas.services.RegexRegisteredService", >>>>>>>>>>> "serviceId" : "^(http)://.*", >>>>>>>>>>> "name" : "HTTP wildcard", >>>>>>>>>>> "id" : 20180514, >>>>>>>>>>> "evaluationOrder" : 99999 >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> *pom.xml -- for cas-overlay-template* >>>>>>>>>>> >>>>>>>>>>> <dependencies> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-webapp${app.server}</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> <type>war</type> >>>>>>>>>>> <scope>runtime</scope> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-json-service-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-ldap</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jpa-service-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jpa-ticket-registry</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-jdbc-drivers</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>com.oracle</groupId> >>>>>>>>>>> <artifactId>ojdbc7.jar</artifactId> >>>>>>>>>>> <version>12.1.0.1</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-saml</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-duo</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> <dependency> >>>>>>>>>>> <groupId>org.apereo.cas</groupId> >>>>>>>>>>> >>>>>>>>>>> <artifactId>cas-server-support-events-jpa</artifactId> >>>>>>>>>>> <version>${cas.version}</version> >>>>>>>>>>> </dependency> >>>>>>>>>>> </dependencies> >>>>>>>>>>> -- >>>>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>>>> --- >>>>>>>>>>> You received this message because you are subscribed to the >>>>>>>>>>> Google Groups "CAS Community" group. >>>>>>>>>>> To unsubscribe from this group and stop receiving emails from >>>>>>>>>>> it, send an email to [email protected]. >>>>>>>>>>> To view this discussion on the web visit >>>>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org >>>>>>>>>>> >>>>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/daad2fc6-3a69-4404-9a91-379cfd3ee24e%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>>>> . >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>> - Website: https://apereo.github.io/cas >>>>>>>>> - Gitter Chatroom: https://gitter.im/apereo/cas >>>>>>>>> - List Guidelines: https://goo.gl/1VRrw7 >>>>>>>>> - Contributions: https://goo.gl/mh7qDG >>>>>>>>> --- >>>>>>>>> You received this message because you are subscribed to the Google >>>>>>>>> Groups "CAS Community" group. >>>>>>>>> To unsubscribe from this group and stop receiving emails from it, >>>>>>>>> send an email to [email protected]. >>>>>>>>> To view this discussion on the web visit >>>>>>>>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f1dfe783-d3b4-413d-ac25-0b7e7a722247%40apereo.org >>>>>>>>> >>>>>>>>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f1dfe783-d3b4-413d-ac25-0b7e7a722247%40apereo.org?utm_medium=email&utm_source=footer> >>>>>>>>> . >>>>>>>>> >>>>>>>> >>>>>>>> -- >>> - Website: https://apereo.github.io/cas >>> - Gitter Chatroom: https://gitter.im/apereo/cas >>> - List Guidelines: https://goo.gl/1VRrw7 >>> - Contributions: https://goo.gl/mh7qDG >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Community" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9789e0c-c236-4089-a30d-d1da6d95e3ce%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/f9789e0c-c236-4089-a30d-d1da6d95e3ce%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/fea1cfc1-8286-4bbb-9556-f750a6dc48b9%40apereo.org.
