Appears I "solved" this. I had this in the tomcat "root" web.xml. I put
these directives in the <webapps>/WEB-INF/web.xml with root path "/*"
and gave me what I wanted.
C
On 2024-11-26 7:38 AM, Colin Ryan wrote:
Ray,
That's what I had originally. It all works if my filter is applied to
"/*" but if I use subpath for the webapp installed in tomcat "/ldapconn/*"
it appears to not get invoked/triggered etc.
I will sanity check my eyes again today.
C
On 2024-11-25 3:42 PM, Ray Bon wrote:
Colin,
I have this filter order (I should have included this earlier):
Authentication
Validation
Wrapper
Filters are applied in the order they are listed in web.xml. There is
no mechanism to skip nor go backwards.
One must authenticate before validate.
Note: if you want to use a logout filter, it would precede authenticate.
Ray
On Mon, 2024-11-25 at 14:38 -0500, Colin Ryan wrote:
You don't often get email from [email protected]. Learn why this is
important <https://aka.ms/LearnAboutSenderIdentification>
Ray,
Changed to the following:
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>
Same issue
Thanks
On 2024-11-25 1:55 PM, Ray Bon wrote:
Colin,
The filters are ordered. Authentication filter must be listed
before validation filter.
Ray
On Fri, 2024-11-22 at 13:40 -0500, Colin Ryan wrote:
[You don't often get email from [email protected]. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Folks,
CAS Client 3.6.4
Filter is starting in the logs, but I only want CAS to be in play
for 1
specific WebApp installed on this Tomcat 9 instance.
If I change the url-patterns in the web.xml file to "/*" everything
works, but if I try to scope CAS down to the specific App the filter's
appear to never be "invoked". I have a simple .jsp file in
/ldapconn/casverify.jsp for confirming CAS. If I in a freshly started
browser go to
/ldapconn/casverify.jsp I do not get redirected to CAS for
authentication and get errors obviously in my JSP.
Even if I go to CAS directly and login and then go to
/ldapconn/casverify.jsp I get the same error.
If I change the url-patterns to just "/*" it all works as expected.
Here is my web.xml
<!-- CAS Validation Filter -->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>Warning this link may be malicious, it actually goes
to the site "ssoservice.mydomain.net" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376066536%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OfsE9HMJzlE4fkcoP83ShfURURxqDMcJ6wksYw%2Ft7wk%3D&reserved=0
<https://ssoservice.mydomain.net/cas></param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>Warning this link may be malicious, it actually goes
to the site "ldapconn.mydomain.net:8080" while
displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376086761%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=pChxlFSf6aasE1D4Lq037Rv6nzPIU4WHqjPAtS0i%2FdE%3D&reserved=0
<http://ldapconn.mydomain.net:8080/></param-value>
</init-param>
</filter>
<!-- Cas Filter/Wrapper -->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
<init-param>
<param-name>casServerUrlPrefix</param-name>
<param-value>Warning this link may be malicious, it actually goes
to the site "ssoservice.mydomain.net" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fssoservice.mydomain.net%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376097782%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=XS%2BgBACgj1tp16bY3db3ohSw94WajWupQnxRXB3ehEs%3D&reserved=0
<https://ssoservice.mydomain.net/cas></param-value>
</init-param>
<init-param>
<param-name>serverName</param-name>
<param-value>Warning this link may be malicious, it actually goes
to the site "ldapconn.mydomain.net:8080" while
displaying:https://can01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fldapconn.mydomain.net%3A8080%2F&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376110255%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=adVzJR7CAYa7QVdyIIey%2B3iJNmJVikxwj5%2Bn%2BpNMPCc%3D&reserved=0
<http://ldapconn.mydomain.net:8080/></param-value>
</init-param>
</filter>
<!-- CAS Wrapper -->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/ldapconn/*</url-pattern>
</filter-mapping>
--
- Website: Warning this link may be malicious, it actually goes to
the site "apereo.github.io" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fapereo.github.io%2Fcas&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376121285%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=xuxlHxU%2BKrXYJA3i%2BlDGbDBY0DqpnwpnRqDfbUTwzz4%3D&reserved=0
<https://apereo.github.io/cas>
- List Guidelines: Warning this link may be malicious, it actually
goes to the site "goo.gl" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2F1VRrw7&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376132089%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ghQQ69ubKIsO564UuW8kOjc44w0pEuvhW8tSD98monc%3D&reserved=0
<https://goo.gl/1VRrw7>
- Contributions: Warning this link may be malicious, it actually
goes to the site "goo.gl" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgoo.gl%2Fmh7qDG&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376142745%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=ZEJVa97c2Fq1tA7WrXU2p5whAp%2B6TVkp%2BBWUJ8avVnQ%3D&reserved=0
<https://goo.gl/mh7qDG>
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email [email protected].
To view this discussion visit Warning this link may be malicious,
it actually goes to the site "groups.google.com" while
displaying:https://can01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fd%2Fmsgid%2Fcas-user%2Fc9057747-931f-4578-9459-e049e5c80ff2%2540caveo.ca&data=05%7C02%7Crbon%40uvic.ca%7Cb7c70ead985a42bd102308dd0b71fbdd%7C9c61d3779894427cb13b1d6a51662b4e%7C0%7C0%7C638679306376153359%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=7QMR5RrzsGcphF8UDr9VjHGc8sQ6p2ggdX6S15%2BrUWM%3D&reserved=0
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/c9057747-931f-4578-9459-e049e5c80ff2%40caveo.ca>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/00051693d044ee8e0deda0d969b8287a654c0232.camel%40uvic.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google
Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/752e1e5b-fcdb-4dc9-aec8-87172a0edee7%40caveo.ca
<https://groups.google.com/a/apereo.org/d/msgid/cas-user/752e1e5b-fcdb-4dc9-aec8-87172a0edee7%40caveo.ca?utm_medium=email&utm_source=footer>.
--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/ca95e633-4b35-4e2d-afc5-644320853367%40caveo.ca.
