Re: [cas-user] Filter Ordering Question

Thu, 09 Jun 2011 13:33:36 -0700 


On 6/9/11 3:10 PM, Marvin Addison wrote:

I saw in the CAS documentation it specifies the order to be....

1. AuthenticationFilter
2. TicketValidationFilter (whichever one is chosen)
3. HttpServletRequestWrapperFilter
4. AssertionThreadLocalFilter

     

This is correct.


   

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/CasProxyServlet</url-pattern>
</filter-mapping>

     

...

   

<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>  <!--
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter
-->
<url-pattern>/Login</url-pattern>
</filter-mapping>

     

I'm not aware of any use case for two validation filters.  In any case
the authentication filter must come before the validation filter, or
you'll have cases where you attempt to validate without a ticket and
bad things happen.


   

Okay, well I have been making comparisons with my uPortal web.xml file 
and the documentation that I am following 
(https://wiki.jasig.org/display/CASC/Single+Sign+On+to+WebAdvisor+Using+CAS%2C+ClearPass%2C+and+a+Custom+Java+Filter) 
and noticed it uses two. And, while this documentation states to place 
the custom filter last, after following the instructions and testing 
everything it's acting like it's not finding the principal or 
session.... and the error message is stating that Perhaps I placed the 
filter before the CAS client filters. It seems to be tripping up at 
retrievePrincipalFromSessionOrRequest() which is returning null because 
of this line:



 final Assertion assertion = (Assertion) (session == null ? 
request.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION)

        : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION));


I'm not sure if this is helpful but I tested this through the browser: 
https://mycas-server.edu/cas/login?service=https://my-app.edu/instance/WebAdvisor 
and I am forwarded to the CAS login screen...I enter my credentials 
(which I confirmed are being authenticated)...and then it appends the 
ticket to the application and the filter executes where it then errors out.



I guess from here I just need some help figuring out how I go about 
debugging.


Thank you,
  Laura








M


   



--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user






















					Reply via email to