On Tue, Sep 1, 2009 at 8:29 PM, John Watson <[email protected]> wrote:
> Ah, I see what you are saying. I didn't make that realization. It would
> definitely cause issues if you follow a link to a protected page and haven't
> logged in yet. I will fix that in the wiki pages now.
>
> True, if you set the link.login.url and login.url. The downside is, that
> leaves the login.action page open (via direct URL). So if accounts are
> created with simple passwords that can be a large security hole.
>

I think the trick was to always protect that page with the AuthenticationFilter (with a hardcoded service url). If I recall correctly, that's what I had always recommended. So this way there is always one configuration. Auth Filter on the login and validation filter on everything else. So all the other pages rely on Confluence to determine whether to redirect for login or not.

Cheers,
Scott

>
> John
>
> On Tue, Sep 1, 2009 at 04:50, Scott Battaglia <[email protected]> wrote:
>
>> Thanks. Took a quick look. Noticed in the validation filter you have the
>> "service" parameter defined. I think that will cause trouble when supplying
>> the URL dynamically (i.e. whatever page you are on). Would it make more
>> sense to configure the serverName?
>>
>> Also, even if you're not using anonymous access shouldn't JIRA and
>> Confluence still know to force you to log in without needing to configure
>> the Authentication Filter?
>>
>> Thanks
>> -Scott
>>
>> On Tue, Sep 1, 2009 at 2:34 AM, John Watson <[email protected]> wrote:
>>
>>> I updated the Confluence page to be a near copy of the Jira page since
>>> the configuration is nearly the same.
>>> At first I had included a tip about my confluence/jira changes because I
>>> copied and pasted the page from our Confluence and then realized as I was
>>> replying that you asked to wait on that information so I hid them from the
>>> HTML view of the Confluence pages.
>>>
>>> John
>>>
>>> On Mon, Aug 31, 2009 at 19:56, Scott Battaglia <[email protected]> wrote:
>>>
>>>> On Mon, Aug 31, 2009 at 8:11 PM, John Watson <[email protected]> wrote:
>>>>
>>>>> Not a problem.
>>>>> I just did something similar for Confluence too.
>>>>>
>>>>> Also regarding CAS and Confluence; should I modify your original
>>>>> confluence page about confluence CAS configuration or should add another
>>>>> one for your review?
>>>>>
>>>> If the changes are related to your Confluence changes, we should wait
>>>> until we update the source and do a release. If it's just more information
>>>> about configuring in Confluence, you can just edit the existing page.
>>>>
>>>> Thanks!
>>>> Scott
>>>>
>>>>> Thanks,
>>>>>
>>>>> John
>>>>>
>>>>> On Mon, Aug 31, 2009 at 14:35, Scott Battaglia <[email protected]> wrote:
>>>>>
>>>>>> John,
>>>>>>
>>>>>> Can you open an enhancement request in our JIRA for this also (forgot
>>>>>> to ask you to do that the other day!).
>>>>>>
>>>>>> Thanks
>>>>>> Scott
>>>>>>
>>>>>> On Thu, Aug 27, 2009 at 11:42 PM, John Watson <[email protected]> wrote:
>>>>>>
>>>>>>> Hi everyone,
>>>>>>> As in my very recent previous email, I have been trying to get CAS
>>>>>>> Client 3.1.7 to work with Atlassian Jira. I have completed my task but
>>>>>>> need to make a little modification to JiraCasAuthenticator.java
>>>>>>>
>>>>>>> I added support for the logout function that gets called by Seraph
>>>>>>> when a user logs out of Jira.
>>>>>>> >>>>>>> Index: >>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>> =================================================================== >>>>>>> --- >>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>> (revision 46469) >>>>>>> +++ >>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java >>>>>>> (working copy) >>>>>>> @@ -6,6 +6,7 @@ >>>>>>> package org.jasig.cas.client.integration.atlassian; >>>>>>> >>>>>>> import com.atlassian.seraph.auth.DefaultAuthenticator; >>>>>>> +import com.atlassian.seraph.auth.AuthenticatorException; >>>>>>> import org.apache.commons.logging.Log; >>>>>>> import org.apache.commons.logging.LogFactory; >>>>>>> import org.jasig.cas.client.util.AbstractCasFilter; >>>>>>> @@ -33,7 +34,7 @@ >>>>>>> >>>>>>> if (session != null) { >>>>>>> // user already exists >>>>>>> - if >>>>>>> (session.getAttribute(ConfluenceCasAuthenticator.LOGGED_IN_KEY) != >>>>>>> null) { >>>>>>> + if (session.getAttribute(LOGGED_IN_KEY) != null) { >>>>>>> log.info("Session found; user already logged in."); >>>>>>> return (Principal) >>>>>>> session.getAttribute(LOGGED_IN_KEY); >>>>>>> } 
>>>>>>> @@ -42,12 +43,27 @@ >>>>>>> >>>>>>> if (assertion != null) { >>>>>>> final Principal p = >>>>>>> getUser(assertion.getPrincipal().getName()); >>>>>>> - request.getSession().setAttribute(LOGGED_IN_KEY, p); >>>>>>> - request.getSession().setAttribute(LOGGED_OUT_KEY, >>>>>>> null); >>>>>>> + session.setAttribute(LOGGED_IN_KEY, p); >>>>>>> + session.setAttribute(LOGGED_OUT_KEY, null); >>>>>>> return p; >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> return super.getUser(request, response); >>>>>>> } >>>>>>> -} >>>>>>> \ No newline at end of file >>>>>>> + >>>>>>> + public boolean logout(final HttpServletRequest request, final >>>>>>> HttpServletResponse response) >>>>>>> + throws AuthenticatorException { >>>>>>> + final HttpSession session = request.getSession(); >>>>>>> + >>>>>>> + if (session != null) { >>>>>>> + final Principal p = (Principal) >>>>>>> session.getAttribute(LOGGED_IN_KEY); >>>>>>> + session.setAttribute(LOGGED_OUT_KEY,p); >>>>>>> + session.setAttribute(LOGGED_IN_KEY,null); >>>>>>> + >>>>>>> session.setAttribute(AbstractCasFilter.CONST_CAS_ASSERTION,null); >>>>>>> + return true; >>>>>>> + } >>>>>>> + >>>>>>> + return super.logout(request, response); >>>>>>> + } >>>>>>> +} >>>>>>> >>>>>>> >>>>>>> John Watson >>>>>>> Jr. 
Web Developer
>>>>>>> University of California, Merced
>>>>>>>
>>>>>>> --
>>>>>>> You are currently subscribed to [email protected] as:
>>>>>>> [email protected]
>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
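
Review bot: In the last hunk (@@ -42,12 +43,27 @@), the new logout() obtains the session with request.getSession(), which creates a session when none exists and never returns null, so the "if (session != null)" test is always true and "return super.logout(request, response);" can never run. Use request.getSession(false) if the fall-through is intended. On the session path the method returns true without calling super.logout(), so any logout handling in DefaultAuthenticator is skipped; consider delegating to it after clearing the CAS attributes. The method also leaves the HttpSession alive and stores the Principal under LOGGED_OUT_KEY; invalidating the session, or storing a simple flag, would avoid keeping the user object in a logged-out session. Only local state is cleared (LOGGED_IN_KEY and AbstractCasFilter.CONST_CAS_ASSERTION), so a short Javadoc stating that the CAS server session is not ended would help whoever wires up the logout link. In the getUser() part of the same hunk, session.setAttribute(...) replaces request.getSession().setAttribute(...); the earlier hunk null-checks session, so confirm these calls sit inside that check.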
