Ray,
Excuse me for the inconvenience but I still have errors...
I've tried your syntax
import org.apereo.cas.services.*
import java.util.*
class GroovyRegisteredAccessStrategy extends
DefaultRegisteredServiceAccessStrategy {
@Override
boolean isServiceAccessAllowed() {
return true
}
@Override
boolean isServiceAccessAllowedForSso() {
return true
}
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == map.get('udlAccountStatus')) {return true}
else
{return false}
}
}
}
I have this error
2019-05-23 15:46:04,201 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No such property: map for class: GroovyRegisteredAccessStrategy>
groovy.lang.MissingPropertyException: No such property: map for class:
GroovyRegisteredAccessStrategy
I've tried this
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == entry.getKey('udlAccountStatus')) {return
true}
else
{return false}
}
}
}
but I have this error
2019-05-23 15:38:52,086 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No signature of method: java.util.LinkedHashMap$Entry.getKey() is
applicable for argument types: (java.lang.String) values: [udlAccountStatus]
Possible solutions: getKey(), getAt(java.lang.String), notify(), grep(),
every(), every(groovy.lang.Closure)>
When I try to use the Possible solutions with getKey()
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == getKey('udlAccountStatus')) {return true}
else
{return false}
}
}
}
I have this error
2019-05-23 15:45:03,124 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No signature of method: GroovyRegisteredAccessStrategy.getKey() is
applicable for argument types: (java.lang.String) values: [udlAccountStatus]
Possible solutions: getAt(java.lang.String), notify(), getOrder(), grep(),
every(), every(groovy.lang.Closure)>
any suggestions?
Thanks in advance...
Debian,
>
> I should have looked closer at your method logic.
> From the method name I suspect that method checks an attribute to
> determine service access. This is what you originally proposed 'attribute =
> Active'.
>
> You will need to know what attributes you have. You can add logging to the
> method or increase logging in general:
>
> <!-- DEBUG Found principal attributes [...] for [username]
> Attribute policy [???] allows release of [...] for
> [username]
> Final collection of attributes allowed are: [...] -->
> <AsyncLogger
> name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
>
> level="debug"/>
>
> I also have this in my logging config:
>
> <!-- DEBUG Skipping access strategy policy - when no attributes
> rules are defined
> These required attributes [...] are examined against
> [...] before service can proceed - when attrubutes are defined -->
> <AsyncLogger
> name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
> level="warn"/>
>
> Because CAS can perform the access / deny part of your requirements.
> Service configuration can set an attribute and a value that a user must
> have to allow access.
> Since you are trying to modify the redirect URL (you have a third option),
> you might have to modify the web flow.
>
> In general, for your method you will have a check like this
>
> if ('Active' == map.get('attribute')) {return true}
>
> Ray
>
> On Wed, 2019-05-22 at 00:49 -0700, Debian HNT wrote:
>
> Ray,
> Thanks for your answer!
>
> I've changed the variable to attributes but it doesnt repair the issue.
> I dont understand how to set principal to my attribute : account and how
> to configure the map to active/blocked/waiting?
> I'm not sure if I cleary understand the function...
>
> Thank u in advance...
>
>
> Debian,
>
> In doPrincipal..., you are using a variable called 'map' but the variable
> is 'attributes'.
>
> Ray
>
> On Tue, 2019-05-21 at 02:22 -0700, Debian HNT wrote:
>
> Hello guys,
>
> I'm still trying to configure a groovy script for access strategy but I
> have some errors
>
> Here's my access-strategy.groovy
>
>
> import org.apereo.cas.services.*
> import java.util.*
>
> class GroovyRegisteredAccessStrategy extends
> DefaultRegisteredServiceAccessStrategy {
> @Override
> boolean isServiceAccessAllowed() {
> return true
> }
>
> @Override
> boolean isServiceAccessAllowedForSso() {
> return true
> }
>
> @Override
> boolean doPrincipalAttributesAllowServiceAccess(String principal,
> Map<String, Object> attributes) {
> for (Map.Entry<String, Object> entry : map.entrySet()){
> if (entry.getKey().equals(principal)){
> return true
> }
> }
> return false
> }
> }
>
> @Override
> java.net.URI getUnauthorizedRedirectUrl(){
> return "https://blocked-acc.html";
> }
> }
>
>
>
> org.springframework.webflow.
>
> execution.
>
> ActionExecutionException: Exception thrown executing
> org.apereo.cas.web.flow.login.
>
> InitialFlowSetupAction@
>
> 2357e4bc in state 'null' of flow 'login' -- action execution attributes were
> 'map[[empty]]'
>
>
> Caused by: java.lang.NullPointerException
>
> at org.apereo.cas.services.
>
> GroovyRegisteredServiceAccessS
>
> trategy.
>
> isServiceAccessAllowed(
>
> GroovyRegisteredServiceAccessS
>
> trategy.java:49)
>
> at org.apereo.cas.web.flow.login.
>
> InitialFlowSetupAction.
>
> configureWebflowContextForServ
>
> ice(InitialFlowSetupAction.
>
> java:62)
>
> at org.apereo.cas.web.flow.login.
>
> InitialFlowSetupAction.
>
> doExecute(
>
> InitialFlowSetupAction.java:
>
> 51)
>
> at org.springframework.webflow.
>
> action.AbstractAction.execute(
>
> AbstractAction.java:188)
>
> at sun.reflect.
>
> GeneratedMethodAccessor447.
>
> invoke(Unknown Source)
>
> at sun.reflect.
>
> DelegatingMethodAccessorImpl.
>
> invoke(
>
> DelegatingMethodAccessorImpl.
>
> java:43)
>
> at java.lang.reflect.Method.
>
> invoke(Method.java:498)
>
> at org.springframework.util.
>
> ReflectionUtils.invokeMethod(
>
> ReflectionUtils.java:216)
>
> at org.springframework.cloud.
>
> context.scope.GenericScope$
>
> LockedScopedProxyFactoryBean.
>
> invoke(GenericScope.java:470)
>
> at org.springframework.aop.
>
> framework.
>
> ReflectiveMethodInvocation.
>
> proceed(
>
> ReflectiveMethodInvocation.
>
> java:179)
>
> at org.springframework.aop.
>
> framework.JdkDynamicAopProxy.
>
> invoke(JdkDynamicAopProxy.
>
> java:213)
>
> at com.sun.proxy.$Proxy376.
>
> execute(Unknown Source)
>
> at org.springframework.webflow.
>
> execution.ActionExecutor.
>
> execute(ActionExecutor.java:
>
> 51)
>
> ... 100 more
>
>
>
>
> I'd like to set some attributes required and redirection url.
>
> For example if the account attribute = Active, i'll be able to join the
> service
>
> but
>
> if the account attribute = blocked, i'll be redirect to
> https://blocked-acc.html <https://blocked.acc.html>
>
> or
>
> if the account attribute = waiting, i'll be redirect to
> https://waiting-acc/html <https://waiting.acc/html>
>
> I'm new to groovy and I dont understand the issue, May I have some help
> pls?
>
> Regards,
>
> --
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> --
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected] <javascript:>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c76822a4-2bd3-4658-bd9c-08e5ce4e4cdc%40apereo.org.
