Thanks Scott! Its easy to get the RESTful service working providing the service ticket in the query string. In my SOAP web service I send the ticket in the SOAP Header, but after receiving it on the server side im not sure what to do with it. Maybe I can re-insert it into the request and pass it to the validation filter...
Aksel. 2010/3/17 Scott Battaglia <[email protected]>: > RESTful Services require that you provide them with a ticket (because there > is no one to enter credentials at the CAS login page). Human interaction > would require the use of the Authentication Filter. > If a ticket is available on the query string, the authentication filter > doesn't do anything. > In either scenario, the validation filter should do all the work necessary > to do proxying. If you've set up the wrapper filter, you can cast the > request.getPrincipal to the appropriate principal and call > getProxyTicketFor(...) > Cheers, > Scott > (that's a lot easier to type when not on a phone, ha!) > > On Wed, Mar 17, 2010 at 7:13 AM, Aksel Bruun <[email protected]> wrote: >> >> I have tried to apply the validation filter first, but nothing seems >> to happen. No entries in the >> log for the cas server or the client. >> Filter mappings are now as follows: >> >> <filter-mapping> >> <filter-name>CAS Validation Filter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> <filter-mapping> >> <filter-name>CAS Authentication Filter</filter-name> >> <url-pattern>/rapport/*</url-pattern> >> </filter-mapping> >> >> <filter-mapping> >> <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> <filter-mapping> >> <filter-name>CAS Assertion Thread Local Filter</filter-name> >> <url-pattern>/*</url-pattern> >> </filter-mapping> >> >> However, this setup works perfectly with a RESTful version of the service. >> >> Aksel. >> >> 2010/3/17 <[email protected]>: >> > All the work is done in the validation filter not the authentication >> > filter. >> > >> > >> > Sent from my Verizon Wireless BlackBerry >> > >> > -----Original Message----- >> > From: Aksel Bruun <[email protected]> >> > Date: Wed, 17 Mar 2010 09:49:45 >> > To: <[email protected]> >> > Subject: Re: [cas-user] Proxy ticket retrieval >> > >> > The reason I tried the programmatic approach is that I cannot get the >> > Authentication Filter to work with a >> > web service. So I guess my only option is to implement a RESTful >> > service that can carry the service ticket as >> > a URL parameter. Then I can use the regular approach: >> > Assertion assertion = (Assertion) >> > session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION); >> > >> > Aksel. >> > >> > >> > 2010/3/17 Scott Battaglia <[email protected]>: >> >> If you construct your own validator (I'm not sure why you would) of >> >> course >> >> its not going to work. The filter takes care of setting everything up >> >> correctly and validating the ticket and making proxying available. >> >> >> >> >> >> >> >> On Tue, Mar 16, 2010 at 9:30 AM, Aksel Bruun <[email protected]> >> >> wrote: >> >>> >> >>> Hi all, >> >>> I am able to retrieve a proxygranting ticket(see debug below) but it >> >>> seems that the CAS client cannot use this for retrieval of a >> >>> proxyticket. >> >>> Is it possible that this has something to do with the declaration of >> >>> the proxyGrantingTicketStorage ? >> >>> Code and debug attachet below. >> >>> >> >>> Aksel. >> >>> >> >>> CODE: >> >>> Cas20ServiceTicketValidator ticketValidator = new >> >>> Cas20ServiceTicketValidator(CAS_SERVER_URL); >> >>> >> >>> >> >>> ticketValidator.setProxyCallbackUrl("https://appserver-test/RENTjenesterEkstern/proxyCallback";); >> >>> Assertion assertion = ticketValidator.validate(ticket, >> >>> TARGET_SERVICE_URL); >> >>> System.out.println("Valid from: " + assertion.getValidFromDate()); >> >>> System.out.println("Valid until: " + assertion.getValidUntilDate()); >> >>> String proxyTicket = >> >>> assertion.getPrincipal().getProxyTicketFor(TARGET_REPORT_URL); >> >>> System.out.println("proxyTicket: " + proxyTicket); >> >>> >> >>> >> >>> WEB.XML: >> >>> <filter> >> >>> <filter-name>CAS Validation Filter</filter-name> >> >>> >> >>> >> >>> <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class> >> >>> <init-param> >> >>> <param-name>casServerUrlPrefix</param-name> >> >>> <param-value>https://CAS-SERVER/cas/</param-value> >> >>> </init-param> >> >>> <init-param> >> >>> <param-name>serverName</param-name> >> >>> <param-value>http://APP-SERVER</param-value> >> >>> </init-param> >> >>> <init-param> >> >>> <param-name>proxyCallbackUrl</param-name> >> >>> >> >>> >> >>> <param-value>https://APP-SERVER/RENTjenesterEkstern/proxyCallback</param-value> >> >>> </init-param> >> >>> <init-param> >> >>> <param-name>proxyReceptorUrl</param-name> >> >>> <param-value>/proxyCallback</param-value> >> >>> </init-param> >> >>> <init-param> >> >>> >> >>> <param-name>proxyGrantingTicketStorageClass</param-name> >> >>> >> >>> >> >>> <param-value>org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl</param-value> >> >>> </init-param> >> >>> </filter> >> >>> >> >>> DEBUG: >> >>> 14:26:09,062 DEBUG [Cas20ServiceTicketValidator] Retrieving response >> >>> from server. >> >>> 14:26:09,234 DEBUG [CommonUtils] Received proxyGrantingTicketId >> >>> [TGT-179-2fcLlFEa9IAtEIkMpurdfZnhWdJMshPH2tXxNeJxXeHnpb10ji-cas] for >> >>> proxyGrantingTicketIou [PGTIOU-56-rcQzqjhocIhDujfF64iI-cas] >> >>> 14:26:09,234 DEBUG [ProxyGrantingTicketStorageImpl] Saving >> >>> ProxyGrantingTicketIOU and ProxyGrantingTicket combo: >> >>> [PGTIOU-56-rcQzqjhocIhDujfF64iI-cas, >> >>> TGT-179-2fcLlFEa9IAtEIkMpurdfZnhWdJMshPH2tXxNeJxXeHnpb10ji-cas] >> >>> 14:26:09,234 DEBUG [Cas20ServiceTicketValidator] Server response: >> >>> <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'> >> >>> <cas:authenticationSuccess> >> >>> <cas:user>poweltest</cas:user> >> >>> >> >>> >> >>> >> >>> <cas:proxyGrantingTicket>PGTIOU-56-rcQzqjhocIhDujfF64iI-cas</cas:proxyGrantingTicket> >> >>> >> >>> >> >>> </cas:authenticationSuccess> >> >>> </cas:serviceResponse> >> >>> >> >>> 14:26:09,265 INFO [STDOUT] Valid from: Tue Mar 16 14:26:09 CET 2010 >> >>> 14:26:09,265 INFO [STDOUT] Valid until: null >> >>> 14:26:09,265 DEBUG [AttributePrincipalImpl] No ProxyGrantingTicket was >> >>> supplied, so no Proxy Ticket can be retrieved. >> >>> 14:26:09,265 INFO [STDOUT] proxyTicket: null >> >>> >> >>> -- >> >>> You are currently subscribed to [email protected] as: >> >>> [email protected] >> >>> To unsubscribe, change settings or access archives, see >> >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> >> -- >> >> You are currently subscribed to [email protected] as: >> >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> > >> > >> > -- >> > You are currently subscribed to [email protected] as: >> > [email protected] >> > To unsubscribe, change settings or access archives, see >> > http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
