(I want to use a groovy script because I'd like to do dynamic redirecturl)
Hello Ray,
>
> Thanks for your answer, the conf seems to be ok, I can access the login
> page of the service, but when I try to connect with my ID, access is
> denied.
> Before using groovy script I was able to access the service... I've
> checked my admusers.properties and my account is set to ROLE_ADMIN
>
> The boolean isServiceAccessAllowed is "return true"
>
> class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy {
>     @Override
>     boolean isServiceAccessAllowed() {
>         return true
>     }
>
> Thanks in advance
>
> Debian,
>>
>> Skip the for loop. If you know the attribute key, check it directly
>> (sorry about the use of map in my previous example):
>>
>> if ('Active' == attributes.get('udlAccountStatus'))
>>
>>
>> Also, from a programming perspective, entrySet returns a
>> Set<Map.Entry<String, Object>>.
>>
>> Ray
>>
>> On Thu, 2019-05-23 at 06:59 -0700, Debian HNT wrote:
>>
>> Ray,
>>
>> Excuse me for the inconvenience but I still have errors...
>>
>> I've tried your syntax
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>>
>> class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy {
>>     @Override
>>     boolean isServiceAccessAllowed() {
>>         return true
>>     }
>>
>>     @Override
>>     boolean isServiceAccessAllowedForSso() {
>>         return true
>>     }
>>
>>     @Override
>>     boolean doPrincipalAttributesAllowServiceAccess(String principal, Map<String, Object> attributes) {
>>         for (Map.Entry<String, Object> entry : attributes.entrySet()){
>>             if ('Active' == map.get('udlAccountStatus')) {return true}
>>             else
>>             {return false}
>>         }
>>     }
>>
>> }
>>
>> I have this error
>> 2019-05-23 15:46:04,201 WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <No such property: map for class: GroovyRegisteredAccessStrategy>
>> groovy.lang.MissingPropertyException: No such property: map for class: GroovyRegisteredAccessStrategy
>>
>> I've tried this
>>     @Override
>>     boolean doPrincipalAttributesAllowServiceAccess(String principal, Map<String, Object> attributes) {
>>         for (Map.Entry<String, Object> entry : attributes.entrySet()){
>>             if ('Active' == entry.getKey('udlAccountStatus')) {return true}
>>             else
>>             {return false}
>>         }
>>     }
>>
>> }
>> but I have this error
>> 2019-05-23 15:38:52,086 WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <No signature of method: java.util.LinkedHashMap$Entry.getKey() is applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getKey(), getAt(java.lang.String), notify(), grep(), every(), every(groovy.lang.Closure)>
>>
>> When I try to use the Possible solutions with getKey()
>>     @Override
>>     boolean doPrincipalAttributesAllowServiceAccess(String principal, Map<String, Object> attributes) {
>>         for (Map.Entry<String, Object> entry : attributes.entrySet()){
>>             if ('Active' == getKey('udlAccountStatus')) {return true}
>>             else
>>             {return false}
>>         }
>>     }
>>
>> }
>> I have this error
>>
>> 2019-05-23 15:45:03,124 WARN [org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver] - <No signature of method: GroovyRegisteredAccessStrategy.getKey() is applicable for argument types: (java.lang.String) values: [udlAccountStatus]
>> Possible solutions: getAt(java.lang.String), notify(), getOrder(), grep(), every(), every(groovy.lang.Closure)>
>>
>>
>> any suggestions?
>>
>> Thanks in advance...
>>
>> Debian,
>>
>> I should have looked closer at your method logic.
>> From the method name I suspect that method checks an attribute to
>> determine service access. This is what you originally proposed 'attribute =
>> Active'.
>>
>> You will need to know what attributes you have. You can add logging to
>> the method or increase logging in general:
>>
>> <!-- DEBUG Found principal attributes [...] for [username]
>>      Attribute policy [???] allows release of [...] for [username]
>>      Final collection of attributes allowed are: [...] -->
>> <AsyncLogger name="org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy" level="debug"/>
>>
>> I also have this in my logging config:
>>
>> <!-- DEBUG Skipping access strategy policy - when no attributes rules are defined
>>      These required attributes [...] are examined against [...] before service can proceed - when attributes are defined -->
>> <AsyncLogger name="org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy" level="warn"/>
>>
>> Because CAS can perform the access / deny part of your requirements.
>> Service configuration can set an attribute and a value that a user must
>> have to allow access.
>> Since you are trying to modify the redirect URL (you have a third
>> option), you might have to modify the web flow.
>>
>> In general, for your method you will have a check like this
>>
>> if ('Active' == map.get('attribute')) {return true}
>>
>> Ray
>>
>> On Wed, 2019-05-22 at 00:49 -0700, Debian HNT wrote:
>>
>> Ray,
>> Thanks for your answer!
>>
>> I've changed the variable to attributes but it doesn't repair the issue.
>> I don't understand how to set principal to my attribute : account and how
>> to configure the map to active/blocked/waiting?
>> I'm not sure if I clearly understand the function...
>>
>> Thank you in advance...
>>
>>
>> Debian,
>>
>> In doPrincipal..., you are using a variable called 'map' but the variable
>> is 'attributes'.
>>
>> Ray
>>
>> On Tue, 2019-05-21 at 02:22 -0700, Debian HNT wrote:
>>
>> Hello guys,
>>
>> I'm still trying to configure a groovy script for access strategy but I
>> have some errors
>>
>> Here's my access-strategy.groovy
>>
>>
>> import org.apereo.cas.services.*
>> import java.util.*
>>
>> class GroovyRegisteredAccessStrategy extends DefaultRegisteredServiceAccessStrategy {
>>     @Override
>>     boolean isServiceAccessAllowed() {
>>         return true
>>     }
>>
>>     @Override
>>     boolean isServiceAccessAllowedForSso() {
>>         return true
>>     }
>>
>>     @Override
>>     boolean doPrincipalAttributesAllowServiceAccess(String principal, Map<String, Object> attributes) {
>>         for (Map.Entry<String, Object> entry : map.entrySet()){
>>             if (entry.getKey().equals(principal)){
>>                 return true
>>             }
>>         }
>>         return false
>>     }
>> }
>>
>>     @Override
>>     java.net.URI getUnauthorizedRedirectUrl(){
>>         return "https://blocked-acc.html"
>>     }
>> }
>>
>>
>>
>> org.springframework.webflow.execution.ActionExecutionException: Exception thrown executing org.apereo.cas.web.flow.login.InitialFlowSetupAction@2357e4bc in state 'null' of flow 'login' -- action execution attributes were 'map[[empty]]'
>> Caused by: java.lang.NullPointerException
>>     at org.apereo.cas.services.GroovyRegisteredServiceAccessStrategy.isServiceAccessAllowed(GroovyRegisteredServiceAccessStrategy.java:49)
>>     at org.apereo.cas.web.flow.login.InitialFlowSetupAction.configureWebflowContextForService(InitialFlowSetupAction.java:62)
>>     at org.apereo.cas.web.flow.login.InitialFlowSetupAction.doExecute(InitialFlowSetupAction.java:51)
>>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188)
>>     at sun.reflect.GeneratedMethodAccessor447.invoke(Unknown Source)
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>     at java.lang.reflect.Method.invoke(Method.java:498)
>>     at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:216)
>>     at org.springframework.cloud.context.scope.GenericScope$LockedScopedProxyFactoryBean.invoke(GenericScope.java:470)
>>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>>     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
>>     at com.sun.proxy.$Proxy376.execute(Unknown Source)
>>     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51)
>>     ... 100 more
>>
>>
>>
>>
>> I'd like to set some attributes required and redirection url.
>>
>> For example if the account attribute = Active, I'll be able to join the
>> service
>>
>> but
>>
>> if the account attribute = blocked, I'll be redirected to
>> https://blocked-acc.html <https://blocked.acc.html>
>>
>> or
>>
>> if the account attribute = waiting, I'll be redirected to
>> https://waiting-acc/html <https://waiting.acc/html>
>>
>> I'm new to groovy and I don't understand the issue, may I have some help
>> please?
>>
>> Regards,
>>
>> --
>>
>>
>> Ray Bon
>> Programmer Analyst
>> Development Services, University Systems
>> 2507218831 | CLE 019 | [email protected]
>>
>>
>
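An added example, not code from the thread or from the CAS project: a stand-alone Groovy script for the status check discussed above, which reads `udlAccountStatus` directly, denies by default, and picks a redirect per status. The class names `AccessDecision` and `AccountStatusPolicy` and the `cas.example.org` URLs are hypothetical, and it assumes the attribute value may arrive either as a single string or as a collection.

```groovy
// Added example (hypothetical names and URLs); runs with plain `groovy`, no CAS jars.
class AccessDecision {
    boolean allowed
    URI redirect            // null when access is allowed
}

class AccountStatusPolicy {
    static final String STATUS_ATTR = 'udlAccountStatus'   // attribute name from the thread
    // Placeholder redirect targets, one per non-active status.
    static final Map<String, URI> REDIRECTS = [
        blocked: URI.create('https://cas.example.org/blocked-acc.html'),
        waiting: URI.create('https://cas.example.org/waiting-acc.html')
    ]
    static final URI DEFAULT_DENY = URI.create('https://cas.example.org/denied.html')

    static AccessDecision decide(Map<String, Object> attributes) {
        def raw = attributes?.get(STATUS_ATTR)
        // Assumption: a resolver may hand back 'Active' or ['Active'];
        // comparing a String to a List with == would silently be false.
        def values = (raw instanceof Collection) ? raw : [raw]
        def statuses = values.findAll { it != null }.collect { it.toString() }
        // Fail closed: a missing attribute or conflicting values never grant access.
        if (statuses.size() != 1) {
            return new AccessDecision(allowed: false, redirect: DEFAULT_DENY)
        }
        if (statuses[0] == 'Active') {
            return new AccessDecision(allowed: true)
        }
        // Unknown statuses fall through to the default deny page.
        URI target = REDIRECTS.get(statuses[0]) ?: DEFAULT_DENY
        return new AccessDecision(allowed: false, redirect: target)
    }
}

// Constructed sample attribute maps.
assert AccountStatusPolicy.decide([udlAccountStatus: 'Active']).allowed
assert AccountStatusPolicy.decide([udlAccountStatus: ['Active']]).allowed

def blocked = AccountStatusPolicy.decide([udlAccountStatus: 'blocked'])
assert !blocked.allowed && blocked.redirect.path == '/blocked-acc.html'

def waiting = AccountStatusPolicy.decide([udlAccountStatus: ['waiting']])
assert !waiting.allowed && waiting.redirect.path == '/waiting-acc.html'

assert !AccountStatusPolicy.decide([:]).allowed                                  // attribute missing
assert !AccountStatusPolicy.decide([udlAccountStatus: ['Active', 'blocked']]).allowed  // conflicting values
assert AccountStatusPolicy.decide([udlAccountStatus: 'suspended']).redirect == AccountStatusPolicy.DEFAULT_DENY
println 'all status checks passed'
```

Inside an access strategy, `doPrincipalAttributesAllowServiceAccess` would return `AccountStatusPolicy.decide(attributes).allowed`; the redirect targets are built with `URI.create` because a method declared to return `java.net.URI` cannot return a bare string.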