I don't know if I'm grasping what you're saying, but let me give it a shot. I
didn't see anything about the AuthenticationFilter in the previous versions
of the Confluence page. But this is what I'm understanding from what you
just said.
<filter-mapping>
  <filter-name>CasAuthenticationFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
Should be
<filter-mapping>
  <filter-name>CasAuthenticationFilter</filter-name>
  <url-pattern>/login.action</url-pattern>
</filter-mapping>
And then still modify login.url and link.login.url to point directly to the
CAS server.
That way if someone does:
https://confluence.institution.edu/confluence/login.action
The CAS AuthenticationFilter takes over the login page and Confluence takes
care of the rest of the pages?
Regards,
John
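The split sketched above (the CAS AuthenticationFilter only on the login page, the ticket validation filter on everything else, and serverName rather than a fixed service on the validation filter, as Scott suggests further down) as a web.xml fragment. This is an added example, not configuration from the thread or from the CAS project; the cas.example.edu and confluence.example.edu hostnames are placeholders.

```xml
<!-- Added example: CAS client 3.1.x filters for Confluence. Hostnames are placeholders. -->
<filter>
  <filter-name>CasAuthenticationFilter</filter-name>
  <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
  <init-param>
    <param-name>casServerLoginUrl</param-name>
    <param-value>https://cas.example.edu/cas/login</param-value>
  </init-param>
  <!-- Hardcoded service: this filter only ever guards the login page, so the
       URL CAS returns the user to is fixed and need not follow the request. -->
  <init-param>
    <param-name>service</param-name>
    <param-value>https://confluence.example.edu/confluence/login.action</param-value>
  </init-param>
</filter>

<filter>
  <filter-name>CasValidationFilter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://cas.example.edu/cas</param-value>
  </init-param>
  <!-- serverName, not service: this filter runs on every URL, so it must rebuild
       the service from the incoming request for the ticket to validate against
       the page the user actually landed on. A fixed service here breaks as soon
       as the ticket was issued for any other URL. -->
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://confluence.example.edu</param-value>
  </init-param>
</filter>

<!-- Authentication is forced only on the login page; for every other page
     Confluence itself decides whether to redirect to login. -->
<filter-mapping>
  <filter-name>CasAuthenticationFilter</filter-name>
  <url-pattern>/login.action</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>CasValidationFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

With login.url and link.login.url in seraph-config.xml pointed at the CAS server, a direct request to /login.action still passes through the AuthenticationFilter, so the local login form is never reachable without a CAS ticket.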
On Tue, Sep 1, 2009 at 18:43, Scott Battaglia <[email protected]> wrote:
> On Tue, Sep 1, 2009 at 8:29 PM, John Watson <[email protected]> wrote:
>
>> Ah, I see what you are saying. I didn't make that realization. It would
>> definitely cause issues if you follow a link to a protected page and haven't
>> logged in yet. I will fix that in the wiki pages now.
>> True, if you set the link.login.url and login.url. The downside is that it
>> leaves the login.action page open (via direct URL). So if accounts are
>> created with simple passwords, that can be a large security hole.
>>
>
> I think the trick was to always protect that page with the
> AuthenticationFilter (with a hardcoded service url). If I recall correctly,
> that's what I had always recommended. So this way there is always one
> configuration. Auth Filter on the login and validation filter on everything
> else. So all the other pages rely on Confluence to determine whether to
> redirect for login or not.
>
> Cheers,
> Scott
>
>
>
>>
>> John
>>
>> On Tue, Sep 1, 2009 at 04:50, Scott Battaglia <[email protected]> wrote:
>>
>>> Thanks. Took a quick look. Noticed in the validation filter you have
>>> the "service" parameter defined. I think that will cause trouble when
>>> supplying the URL dynamically (i.e. whatever page you are on). Would it
>>> make more sense to configure the serverName?
>>>
>>> Also, even if you're not using anonymous access shouldn't JIRA and
>>> Confluence still know to force you to log in without needing to configure
>>> the Authentication Filter?
>>>
>>> Thanks
>>> -Scott
>>>
>>>
>>>
>>> On Tue, Sep 1, 2009 at 2:34 AM, John Watson <[email protected]> wrote:
>>>
>>>> I updated the Confluence page to be a near copy of the Jira page, since
>>>> the configuration is nearly the same.
>>>> At first I had included a tip about my confluence/jira changes because I
>>>> copied and pasted the page from our Confluence, and then realized as I was
>>>> replying that you asked to wait on that information, so I hid them from the
>>>> HTML view of the Confluence pages.
>>>>
>>>> John
>>>>
>>>> On Mon, Aug 31, 2009 at 19:56, Scott Battaglia <[email protected]> wrote:
>>>>
>>>>> On Mon, Aug 31, 2009 at 8:11 PM, John Watson <[email protected]> wrote:
>>>>>
>>>>>> Not a problem.
>>>>>> I just did something similar for Confluence too.
>>>>>>
>>>>>> Also regarding CAS and Confluence: should I modify your original
>>>>>> Confluence page about Confluence CAS configuration, or should I add
>>>>>> another one for your review?
>>>>>>
>>>>>>
>>>>> If the changes are related to your Confluence changes, we should wait
>>>>> until we update the source and do a release. If it's just more information
>>>>> about configuring in Confluence, you can just edit the existing page.
>>>>>
>>>>> Thanks!
>>>>> Scott
>>>>>
>>>>>
>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> John
>>>>>>
>>>>>> On Mon, Aug 31, 2009 at 14:35, Scott Battaglia <[email protected]> wrote:
>>>>>>
>>>>>>> John,
>>>>>>>
>>>>>>> Can you open an enhancement request in our JIRA for this also (forgot
>>>>>>> to ask you to do that the other day!).
>>>>>>>
>>>>>>> Thanks
>>>>>>> Scott
>>>>>>>
>>>>>>>
>>>>>>> On Thu, Aug 27, 2009 at 11:42 PM, John Watson <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi everyone,
>>>>>>>> As in my very recent previous email, I have been trying to get CAS
>>>>>>>> Client 3.1.7 to work with Atlassian Jira. I have completed my task but
>>>>>>>> need to make a little modification to JiraCasAuthenticator.java.
>>>>>>>>
>>>>>>>> I added support for the logout function that gets called by Seraph
>>>>>>>> when a user logs out of Jira.
>>>>>>>>
>>>>>>>> Index:
>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java
>>>>>>>> ===================================================================
>>>>>>>> ---
>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java
>>>>>>>> (revision 46469)
>>>>>>>> +++
>>>>>>>> cas-client-integration-atlassian/src/main/java/org/jasig/cas/client/integration/atlassian/JiraCasAuthenticator.java
>>>>>>>> (working copy)
>>>>>>>> @@ -6,6 +6,7 @@
>>>>>>>> package org.jasig.cas.client.integration.atlassian;
>>>>>>>>
>>>>>>>> import com.atlassian.seraph.auth.DefaultAuthenticator;
>>>>>>>> +import com.atlassian.seraph.auth.AuthenticatorException;
>>>>>>>> import org.apache.commons.logging.Log;
>>>>>>>> import org.apache.commons.logging.LogFactory;
>>>>>>>> import org.jasig.cas.client.util.AbstractCasFilter;
>>>>>>>> @@ -33,7 +34,7 @@
>>>>>>>>
>>>>>>>> if (session != null) {
>>>>>>>> // user already exists
>>>>>>>> - if
>>>>>>>> (session.getAttribute(ConfluenceCasAuthenticator.LOGGED_IN_KEY) !=
>>>>>>>> null) {
>>>>>>>> + if (session.getAttribute(LOGGED_IN_KEY) != null) {
>>>>>>>> log.info("Session found; user already logged
>>>>>>>> in.");
>>>>>>>> return (Principal)
>>>>>>>> session.getAttribute(LOGGED_IN_KEY);
>>>>>>>> }
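Review bot: the switch from `ConfluenceCasAuthenticator.LOGGED_IN_KEY` to the unqualified `LOGGED_IN_KEY` removes a cross-class dependency from the Jira authenticator and matches the unqualified use two lines later (`return (Principal) session.getAttribute(LOGGED_IN_KEY);`); worth confirming that the constant now resolved through this class carries the same string value, otherwise sessions established by the previous build read as logged out after deployment. Separately, `log.info("Session found; user already logged in.")` fires on every request that carries a logged-in session; debug level suits a per-request trace better than info.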
>>>>>>>> @@ -42,12 +43,27 @@
>>>>>>>>
>>>>>>>> if (assertion != null) {
>>>>>>>> final Principal p =
>>>>>>>> getUser(assertion.getPrincipal().getName());
>>>>>>>> - request.getSession().setAttribute(LOGGED_IN_KEY,
>>>>>>>> p);
>>>>>>>> - request.getSession().setAttribute(LOGGED_OUT_KEY,
>>>>>>>> null);
>>>>>>>> + session.setAttribute(LOGGED_IN_KEY, p);
>>>>>>>> + session.setAttribute(LOGGED_OUT_KEY, null);
>>>>>>>> return p;
>>>>>>>> }
>>>>>>>> }
>>>>>>>>
>>>>>>>> return super.getUser(request, response);
>>>>>>>> }
>>>>>>>> -}
>>>>>>>> \ No newline at end of file
>>>>>>>> +
>>>>>>>> + public boolean logout(final HttpServletRequest request, final
>>>>>>>> HttpServletResponse response)
>>>>>>>> + throws AuthenticatorException {
>>>>>>>> + final HttpSession session = request.getSession();
>>>>>>>> +
>>>>>>>> + if (session != null) {
>>>>>>>> + final Principal p = (Principal)
>>>>>>>> session.getAttribute(LOGGED_IN_KEY);
>>>>>>>> + session.setAttribute(LOGGED_OUT_KEY,p);
>>>>>>>> + session.setAttribute(LOGGED_IN_KEY,null);
>>>>>>>> +
>>>>>>>> session.setAttribute(AbstractCasFilter.CONST_CAS_ASSERTION,null);
>>>>>>>> + return true;
>>>>>>>> + }
>>>>>>>> +
>>>>>>>> + return super.logout(request, response);
>>>>>>>> + }
>>>>>>>> +}
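Review bot: in the new `logout` method, `request.getSession()` creates a session when the request has none, so `session != null` is always true and `return super.logout(request, response)` is unreachable; use `request.getSession(false)` so a session-less request falls through to the Seraph default, and consider calling `super.logout(request, response)` before clearing `AbstractCasFilter.CONST_CAS_ASSERTION` so that whatever cleanup the parent performs is not skipped on the normal path. Earlier in the hunk, replacing `request.getSession().setAttribute(...)` with the already null-checked `session` local is the right fix for the same reason. Also note that this method only clears local Seraph and CAS state; the CAS server-side single sign-on session is untouched, so unless the logout destination also sends the browser to the CAS logout URL, the next request through the validation filter can re-establish the login without a password prompt. Finally, the `p` returned by `getUser(assertion.getPrincipal().getName())` is stored under `LOGGED_IN_KEY` without a null check; if `getUser` can return null for a CAS principal with no matching Jira account, guard for that rather than caching an empty login.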
>>>>>>>>
>>>>>>>>
>>>>>>>> John Watson
>>>>>>>> Jr. Web Developer
>>>>>>>> University of California, Merced
>>>>>>>>
>>>>>>>> --
>>>>>>>> You are currently subscribed to [email protected] as:
>>>>>>>> [email protected]
>>>>>>>> To unsubscribe, change settings or access archives, see
>>>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>>>>>>
>>>>>>>>