RESTful Services require that you provide them with a ticket (because there is no one to enter credentials at the CAS login page). Human interaction would require the use of the Authentication Filter.
If a ticket is available on the query string, the authentication filter doesn't do anything. In either scenario, the validation filter should do all the work necessary to do proxying. If you've set up the wrapper filter, you can cast the request.getPrincipal to the appropriate principal and call getProxyTicketFor(...) Cheers, Scott (that's a lot easier to type when not on a phone, ha!) On Wed, Mar 17, 2010 at 7:13 AM, Aksel Bruun <[email protected]> wrote: > I have tried to apply the validation filter first, but nothing seems > to happen. No entries in the > log for the cas server or the client. > Filter mappings are now as follows: > > <filter-mapping> > <filter-name>CAS Validation Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>CAS Authentication Filter</filter-name> > <url-pattern>/rapport/*</url-pattern> > </filter-mapping> > > <filter-mapping> > <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > <filter-mapping> > <filter-name>CAS Assertion Thread Local Filter</filter-name> > <url-pattern>/*</url-pattern> > </filter-mapping> > > However, this setup works perfectly with a RESTful version of the service. > > Aksel. > > 2010/3/17 <[email protected]>: > > All the work is done in the validation filter not the authentication > filter. > > > > > > Sent from my Verizon Wireless BlackBerry > > > > -----Original Message----- > > From: Aksel Bruun <[email protected]> > > Date: Wed, 17 Mar 2010 09:49:45 > > To: <[email protected]> > > Subject: Re: [cas-user] Proxy ticket retrieval > > > > The reason I tried the programmatic approach is that I cannot get the > > Authentication Filter to work with a > > web service. So I guess my only option is to implement a RESTful > > service that can carry the service ticket as > > a URL parameter. Then I can use the regular approach: > > Assertion assertion = (Assertion) > > session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); > > > > Aksel. > > > > > > 2010/3/17 Scott Battaglia <[email protected]>: > >> If you construct your own validator (I'm not sure why you would) of > course > >> its not going to work. The filter takes care of setting everything up > >> correctly and validating the ticket and making proxying available. > >> > >> > >> > >> On Tue, Mar 16, 2010 at 9:30 AM, Aksel Bruun <[email protected]> > wrote: > >>> > >>> Hi all, > >>> I am able to retrieve a proxygranting ticket(see debug below) but it > >>> seems that the CAS client cannot use this for retrieval of a > >>> proxyticket. > >>> Is it possible that this has something to do with the declaration of > >>> the proxyGrantingTicketStorage ? > >>> Code and debug attachet below. > >>> > >>> Aksel. > >>> > >>> CODE: > >>> Cas20ServiceTicketValidator ticketValidator = new > >>> Cas20ServiceTicketValidator(CAS_SERVER_URL); > >>> > >>> ticketValidator.setProxyCallbackUrl(" > https://appserver-test/RENTjenesterEkstern/proxyCallback";); > >>> Assertion assertion = ticketValidator.validate(ticket, > >>> TARGET_SERVICE_URL); > >>> System.out.println("Valid from: " + assertion.getValidFromDate()); > >>> System.out.println("Valid until: " + assertion.getValidUntilDate()); > >>> String proxyTicket = > >>> assertion.getPrincipal().getProxyTicketFor(TARGET_REPORT_URL); > >>> System.out.println("proxyTicket: " + proxyTicket); > >>> > >>> > >>> WEB.XML: > >>> <filter> > >>> <filter-name>CAS Validation Filter</filter-name> > >>> > >>> > > <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> > >>> <init-param> > >>> <param-name>casServerUrlPrefix</param-name> > >>> <param-value>https://CAS-SERVER/cas/</param-value> > >>> </init-param> > >>> <init-param> > >>> <param-name>serverName</param-name> > >>> <param-value>http://APP-SERVER</param-value> > >>> </init-param> > >>> <init-param> > >>> <param-name>proxyCallbackUrl</param-name> > >>> > >>> <param-value>https://APP-SERVER/RENTjenesterEkstern/proxyCallback > </param-value> > >>> </init-param> > >>> <init-param> > >>> <param-name>proxyReceptorUrl</param-name> > >>> <param-value>/proxyCallback</param-value> > >>> </init-param> > >>> <init-param> > >>> <param-name>proxyGrantingTicketStorageClass</param-name> > >>> > >>> > > <param-value>org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl</param-value> > >>> </init-param> > >>> </filter> > >>> > >>> DEBUG: > >>> 14:26:09,062 DEBUG [Cas20ServiceTicketValidator] Retrieving response > >>> from server. > >>> 14:26:09,234 DEBUG [CommonUtils] Received proxyGrantingTicketId > >>> [TGT-179-2fcLlFEa9IAtEIkMpurdfZnhWdJMshPH2tXxNeJxXeHnpb10ji-cas] for > >>> proxyGrantingTicketIou [PGTIOU-56-rcQzqjhocIhDujfF64iI-cas] > >>> 14:26:09,234 DEBUG [ProxyGrantingTicketStorageImpl] Saving > >>> ProxyGrantingTicketIOU and ProxyGrantingTicket combo: > >>> [PGTIOU-56-rcQzqjhocIhDujfF64iI-cas, > >>> TGT-179-2fcLlFEa9IAtEIkMpurdfZnhWdJMshPH2tXxNeJxXeHnpb10ji-cas] > >>> 14:26:09,234 DEBUG [Cas20ServiceTicketValidator] Server response: > >>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> > >>> <cas:authenticationSuccess> > >>> <cas:user>poweltest</cas:user> > >>> > >>> > >>> > > <cas:proxyGrantingTicket>PGTIOU-56-rcQzqjhocIhDujfF64iI-cas</cas:proxyGrantingTicket> > >>> > >>> > >>> </cas:authenticationSuccess> > >>> </cas:serviceResponse> > >>> > >>> 14:26:09,265 INFO [STDOUT] Valid from: Tue Mar 16 14:26:09 CET 2010 > >>> 14:26:09,265 INFO [STDOUT] Valid until: null > >>> 14:26:09,265 DEBUG [AttributePrincipalImpl] No ProxyGrantingTicket was > >>> supplied, so no Proxy Ticket can be retrieved. > >>> 14:26:09,265 INFO [STDOUT] proxyTicket: null > >>> > >>> -- > >>> You are currently subscribed to [email protected] as: > >>> [email protected] > >>> To unsubscribe, change settings or access archives, see > >>> http://www.ja-sig.org/wiki/display/JSG/cas-user > >> > >> -- > >> You are currently subscribed to [email protected] as: > >> [email protected] > >> To unsubscribe, change settings or access archives, see > >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > > -- > > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
