Debian,
Skip the for loop. If you know the attribute key, check it directly (sorry
about the use of map in my previous example):
if ('Active' == attributes.get('udlAccountStatus'))
Also, from a programming perspective, entrySet returns a Set<Map.Entry<String,
Object>>.
Ray
On Thu, 2019-05-23 at 06:59 -0700, Debian HNT wrote:
Ray,
Excuse me for the inconvenience but I still have errors...
I've tried your syntax
import org.apereo.cas.services.*
import java.util.*
class GroovyRegisteredAccessStrategy extends
DefaultRegisteredServiceAccessStrategy {
@Override
boolean isServiceAccessAllowed() {
return true
}
@Override
boolean isServiceAccessAllowedForSso() {
return true
}
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == map.get('udlAccountStatus')) {return true}
else
{return false}
}
}
}
I have this error
2019-05-23 15:46:04,201 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No such property: map for class: GroovyRegisteredAccessStrategy>
groovy.lang.MissingPropertyException: No such property: map for class:
GroovyRegisteredAccessStrategy
I've tried this
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == entry.getKey('udlAccountStatus')) {return true}
else
{return false}
}
}
}
but I have this error
2019-05-23 15:38:52,086 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No signature of method: java.util.LinkedHashMap$Entry.getKey() is
applicable for argument types: (java.lang.String) values: [udlAccountStatus]
Possible solutions: getKey(), getAt(java.lang.String), notify(), grep(),
every(), every(groovy.lang.Closure)>
When I try to use the Possible solutions with getKey()
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : attributes.entrySet()){
if ('Active' == getKey('udlAccountStatus')) {return true}
else
{return false}
}
}
}
I have this error
2019-05-23 15:45:03,124 WARN
[org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver]
- <No signature of method: GroovyRegisteredAccessStrategy.getKey() is
applicable for argument types: (java.lang.String) values: [udlAccountStatus]
Possible solutions: getAt(java.lang.String), notify(), getOrder(), grep(),
every(), every(groovy.lang.Closure)>
any suggestions?
Thanks in advance...
Debian,
I should have looked closer at your method logic.
>From the method name I suspect that method checks an attribute to determine
>service access. This is what you originally proposed 'attribute = Active'.
You will need to know what attributes you have. You can add logging to the
method or increase logging in general:
<!-- DEBUG Found principal attributes [...] for [username]
Attribute policy [???] allows release of [...] for [username]
Final collection of attributes allowed are: [...] -->
<AsyncLogger
name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy"
level="debug"/>
I also have this in my logging config:
<!-- DEBUG Skipping access strategy policy - when no attributes rules
are defined
These required attributes [...] are examined against [...]
before service can proceed - when attrubutes are defined -->
<AsyncLogger
name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy"
level="warn"/>
Because CAS can perform the access / deny part of your requirements. Service
configuration can set an attribute and a value that a user must have to allow
access.
Since you are trying to modify the redirect URL (you have a third option), you
might have to modify the web flow.
In general, for your method you will have a check like this
if ('Active' == map.get('attribute')) {return true}
Ray
On Wed, 2019-05-22 at 00:49 -0700, Debian HNT wrote:
Ray,
Thanks for your answer!
I've changed the variable to attributes but it doesnt repair the issue.
I dont understand how to set principal to my attribute : account and how to
configure the map to active/blocked/waiting?
I'm not sure if I cleary understand the function...
Thank u in advance...
Debian,
In doPrincipal..., you are using a variable called 'map' but the variable is
'attributes'.
Ray
On Tue, 2019-05-21 at 02:22 -0700, Debian HNT wrote:
Hello guys,
I'm still trying to configure a groovy script for access strategy but I have
some errors
Here's my access-strategy.groovy
import org.apereo.cas.services.*
import java.util.*
class GroovyRegisteredAccessStrategy extends
DefaultRegisteredServiceAccessStrategy {
@Override
boolean isServiceAccessAllowed() {
return true
}
@Override
boolean isServiceAccessAllowedForSso() {
return true
}
@Override
boolean doPrincipalAttributesAllowServiceAccess(String principal,
Map<String, Object> attributes) {
for (Map.Entry<String, Object> entry : map.entrySet()){
if (entry.getKey().equals(principal)){
return true
}
}
return false
}
}
@Override
java.net.URI getUnauthorizedRedirectUrl(){
return "https://blocked-acc.html";
}
}
org.springframework.webflow.
execution.
ActionExecutionException: Exception thrown executing
org.apereo.cas.web.flow.login.
InitialFlowSetupAction@
2357e4bc in state 'null' of flow 'login' -- action execution attributes were
'map[[empty]]'
Caused by: java.lang.NullPointerException
at org.apereo.cas.services.
GroovyRegisteredServiceAccessS
trategy.
isServiceAccessAllowed(
GroovyRegisteredServiceAccessS
trategy.java:49)
at org.apereo.cas.web.flow.login.
InitialFlowSetupAction.
configureWebflowContextForServ
ice(InitialFlowSetupAction.
java:62)
at org.apereo.cas.web.flow.login.
InitialFlowSetupAction.
doExecute(
InitialFlowSetupAction.java:
51)
at org.springframework.webflow.
action.AbstractAction.execute(
AbstractAction.java:188)
at sun.reflect.
GeneratedMethodAccessor447.
invoke(Unknown Source)
at sun.reflect.
DelegatingMethodAccessorImpl.
invoke(
DelegatingMethodAccessorImpl.
java:43)
at java.lang.reflect.Method.
invoke(Method.java:498)
at org.springframework.util.
ReflectionUtils.invokeMethod(
ReflectionUtils.java:216)
at org.springframework.cloud.
context.scope.GenericScope$
LockedScopedProxyFactoryBean.
invoke(GenericScope.java:470)
at org.springframework.aop.
framework.
ReflectiveMethodInvocation.
proceed(
ReflectiveMethodInvocation.
java:179)
at org.springframework.aop.
framework.JdkDynamicAopProxy.
invoke(JdkDynamicAopProxy.
java:213)
at com.sun.proxy.$Proxy376.
execute(Unknown Source)
at org.springframework.webflow.
execution.ActionExecutor.
execute(ActionExecutor.java:
51)
... 100 more
I'd like to set some attributes required and redirection url.
For example if the account attribute = Active, i'll be able to join the service
but
if the account attribute = blocked, i'll be redirect to
https://blocked-acc.html<https://blocked.acc.html>
or
if the account attribute = waiting, i'll be redirect to
https://waiting-acc/html<https://waiting.acc/html>
I'm new to groovy and I dont understand the issue, May I have some help pls?
Regards,
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]<javascript:>
--
Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/b76ce2cbda170e578bceefb13e477701c4872191.camel%40uvic.ca.
