I am seeing an odd issue when configuring the cas/serverName property with a
non-SSL URL.
Essentially, when using a non-SSL URL for cas/serverName, after I successfully
authenticate via LDAP, I'm redirected to my original destination (WAR A). WAR A
then makes several AJAX calls to another WAR (WAR B) which is also configured
with the CAS Client. All AJAX calls to WAR A return successfully, but the first
AJAX call to WAR B returns a 302 response whose Location header has the
following value:
https://localhost:8443/netcds-cas/login?TARGET=http%3A%2F%2Flocalhost%3A8080%2Fnetcds-ws%2Fapi%2Flogin%2Flogo%2Ftool_logo
This only happens when cas/serverName is a non-SSL URL. If I configured it to
have the same SSL URL as cas/casServerLoginUrl and cas/casServerUrlPrefix,
everything works fine. It's almost like Single Sign On doesn't work unless all
URL properties are SSL. Can CAS be configured so that the cas/serverName
property can be a non-SSL URL?
Here is my configuration:
CAS Server version: 3.4.12
CAS Client version: 3.2.1
JBoss Application Server 4.2.1.GA
Configuration with which both WAR A and WAR B work:
- cas/casServerLoginUrl = https://localhost:8443/netcds-cas/login
- cas/serverName = https://localhost:8443
- cas/casServerUrlPrefix = https://localhost:8443/netcds-cas
Configuration with which WAR A seems to work but WAR B does not:
- cas/casServerLoginUrl = https://localhost:8443/netcds-cas/login
- cas/serverName = http://localhost:8080
- cas/casServerUrlPrefix = https://localhost:8443/netcds-cas
I have attached the following:
- netcds-cas-service.xml - jboss JNDI file defining CAS properties
- WAR A web.xml - the web.xml file for WAR A
- WAR B web.xml - the web.xml file for WAR B
For now we will just configure our application to use SSL everywhere, but
ideally we'd like to figure out how to configure our application on port 8080
or port 80 while configuring CAS to run on a secure port like 8443 or 443.
Thanks,
James Lorenzen
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
<!--
JBoss service descriptor that binds the CAS client settings into JNDI under
java:/cas/, so the web applications read them from JNDI instead of carrying
them as init-params in web.xml.
NOTE(review): the DOCTYPE above names its DTD by an http:// system identifier;
confirm the deployer resolves it from a local copy and does not fetch it.
-->
<server>
<mbean code="org.jboss.naming.JNDIBindingServiceMgr"
name="netcds.cas.client:service=JNDIBindingServiceMgr">
<attribute name="BindingsConfig" serialDataType="jbxb">
<jndi:bindings
xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jndi="urn:jboss:jndi-binding-service:1.0"
xs:schemaLocation="urn:jboss:jndi-binding-service:1.0 resource:jndi-binding-service_1_0.xsd">
<!--
Switch referenced as the 'condition' of the ConditionalFilter entries in the
web.xml files. Per the comments there, false turns every CAS filter into a
pass-through, i.e. the applications run without CAS authentication, so a
change to this value is a security-relevant change.
-->
<jndi:binding name="java:/cas/enabled">
<jndi:value type="java.lang.Boolean">true</jndi:value>
</jndi:binding>
<!-- CAS login page that unauthenticated browsers are redirected to (https). -->
<jndi:binding name="java:/cas/casServerLoginUrl">
<jndi:value>https://localhost:8443/netcds-cas/login</jndi:value>
</jndi:binding>
<!--
Scheme, host and port of the protected applications; the CAS client uses it
to build the service URL it sends to CAS. With an http:// value, the ticket
CAS appends to that URL and the application session cookie set afterwards
travel in cleartext; use an https:// value outside a local development setup.
-->
<jndi:binding name="java:/cas/serverName">
<jndi:value>http://localhost:8080</jndi:value>
</jndi:binding>
<!--
Base URL of the CAS server that the validation filter calls back to when it
validates a ticket. Keep this https so the validation response cannot be
altered in transit.
-->
<jndi:binding name="java:/cas/casServerUrlPrefix">
<jndi:value>https://localhost:8443/netcds-cas</jndi:value>
</jndi:binding>
</jndi:bindings>
</attribute>
<depends>jboss:service=Naming</depends>
</mbean>
</server>
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
id="WebApp_DASHBOARD">
<display-name>netCDS - Workspace</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
<!-- must load fusebox files first -->
/WEB-INF/classes/applicationContext-fb*.xml
/WEB-INF/classes/applicationContext-ds.xml
/WEB-INF/classes/applicationContext-dashboard.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>messages</param-value>
</context-param>
<context-param>
<param-name>messageBundles</param-name>
<param-value>fusebox-messages,udd-messages,messages</param-value>
</context-param>
<context-param>
<param-name>PARAMETER_ENCODING</param-name>
<param-value>UTF-8</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>com.gestalt.dashboard.db.update.DBUpdateContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>Map JSP</servlet-name>
<jsp-file>/map2.jsp</jsp-file>
</servlet>
<servlet-mapping>
<servlet-name>Map JSP</servlet-name>
<url-pattern>/map</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Map JSP</servlet-name>
<url-pattern>/map.jsp</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Upload Servlet</servlet-name>
<servlet-class>com.accenture.fusebox.servlet.UploadServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Upload Servlet</servlet-name>
<url-pattern>/upload/*</url-pattern>
</servlet-mapping>
<!-- Jersey servlet (Spring-integrated) serving the REST resources registered by RegisterResources. -->
<servlet>
<servlet-name>REST Application</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<!--
Request filter that rewrites a POST carrying an X-HTTP-Method-Override header
to PUT/DELETE before the resource method is chosen.
NOTE(review): anything in front of this servlet that decides by HTTP method
(proxy rules, security-constraint http-method entries) still sees a POST, so
PUT/DELETE have to be authorized inside the resources, not by method upstream.
-->
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.PostReplaceFilter</param-value>
</init-param>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.accenture.fusebox.api.RegisterResources</param-value>
</init-param>
<!-- Package scanning is left disabled below; resources come from the Application class above. -->
<!--<init-param>-->
<!--<param-name>com.sun.jersey.config.property.packages</param-name>-->
<!--<param-value>com.accenture.fusebox.api,com.accenture.rest</param-value>-->
<!--</init-param>-->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>REST Widget Application</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.accenture.dashboard.widget</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>REST Application</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>com.accenture.rest.localization.CharsetListener</listener-class>
</listener>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<page-encoding>UTF-8</page-encoding>
</jsp-property-group>
</jsp-config>
<!-- JAWR Configuration (for JavaScript and CSS compression and management
-->
<!--
These are the configuration files for defining netCDS Dashboard-specific
properties. These will override values defined in the
fusebox-jawr.proprties file below. Additional properties files can also be
defined here.
-->
<context-param>
<param-name>jawr.config.sources</param-name>
<param-value>/jawr.properties,/widgets-jawr.properties,/udd-jawr.properties</param-value>
</context-param>
<servlet>
<servlet-name>JavascriptServlet</servlet-name>
<servlet-class>net.jawr.web.servlet.JawrServlet</servlet-class>
<init-param>
<param-name>configLocation</param-name>
<!--
This is the default Fusebox JAWR configuration Any overrides, or
additional JAWR configuration files can be configured in the
properties files specified above.
-->
<param-value>/fusebox-jawr.properties</param-value>
</init-param>
<init-param>
<param-name>type</param-name>
<param-value>js</param-value>
</init-param>
<init-param>
<param-name>mapping</param-name>
<param-value>/jbundle/</param-value>
</init-param>
<init-param>
<param-name>configPropertiesSourceClass</param-name>
<param-value>net.jawr.web.resource.bundle.factory.util.MultipleFileConfigSource</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>CssServlet</servlet-name>
<servlet-class>net.jawr.web.servlet.JawrServlet</servlet-class>
<init-param>
<param-name>configLocation</param-name>
<param-value>/fusebox-jawr.properties</param-value>
</init-param>
<init-param>
<param-name>type</param-name>
<param-value>css</param-value>
</init-param>
<init-param>
<param-name>mapping</param-name>
<param-value>/cbundle/</param-value>
</init-param>
<init-param>
<param-name>configPropertiesSourceClass</param-name>
<param-value>net.jawr.web.resource.bundle.factory.util.MultipleFileConfigSource</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>JavascriptServlet</servlet-name>
<url-pattern>/jbundle/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CssServlet</servlet-name>
<url-pattern>/cbundle/*</url-pattern>
</servlet-mapping>
<!--
DISABLED: development/test aid only. Keep the block below commented out in
any deployed build: as its own description says, it copies iv-user and
iv-groups from login URL query params into the request headers, so with it
enabled the caller chooses the identity the application sees.
-->
<!--
the purpose of the SecurityFilter is to assist development and testing of the
gcss-af security headers: iv-user and iv-groups; it allows the developer/tester
to pass these into the application via the login url as query params which
this filter will then copy over to the headers before the login jsp is processed
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.gestalt.dashboard.servlet.SecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/login.jsp</url-pattern>
</filter-mapping>
-->
<!--
The ConditionalFilter is a filter that controls access to another filter that
it wraps. The wrapped filter is specified by the 'wrapped-class'
init param. Access is controlled by the 'condition' init param which is
a reference to a Boolean value stored in JNDI. If the condition is
true all calls to the ConditionalFilter are passed on to the wrapped
filter. If the condition is false, in the case of the doFilter() method,
the ConditionalFilter will simply call the filter chain's doFilter method
and ignore the wrapped filter altogether.

NOTE(review): this is a fail-open switch. With cas/enabled = false every CAS
filter in this file is bypassed and requests reach the application without
CAS authentication. What the wrapper does when the JNDI lookup fails is not
visible here; confirm that case refuses requests instead of passing them on.
-->
<!--
Wraps the CAS client's single sign-out filter.
NOTE(review): the CAS client documentation pairs this filter with a
SingleSignOutHttpSessionListener, and no such listener is declared in this
web.xml. The documentation also describes an artifactParameterName setting
for SAML 1.1 deployments such as this one; only 'condition' and
'wrapped-class' are configured here. Confirm that sign-out requests from CAS
really end the local session.
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.session.SingleSignOutFilter</param-value>
</init-param>
</filter>
<!--
Wraps the SAML 1.1 authentication filter, which sends requests that carry
neither an authenticated session nor a ticket to casServerLoginUrl, with the
service URL built from serverName as the TARGET parameter.
-->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<!--
there are 2 required init-params for this filter: casServerLoginUrl
and serverName; both of these are fully qualified domain names and
therefore, in the context of this configuration, they would be hard-coded;
because of this, and the fact that CAS will try to pull these values
from JNDI if they are not found here in the web context, these
init-params have been moved to JNDI via a combination of a
netcds-cas-server.xml file dropped into the jboss server deploy folder
(which loads the values into JNDI) and some resource-env-ref entries
here in this web.xml file and the jboss-web.xml file (which create
the links to these JNDI values)

NOTE(review): because these values live in JNDI, whoever can write to the
jboss deploy folder controls where users are sent to log in and which
scheme the service URL uses; serverName should be an https URL outside
development.
-->
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</param-value>
</init-param>
</filter>
<!--
Wraps the SAML 1.1 ticket validation filter, which validates the ticket on
the incoming request against the CAS server at casServerUrlPrefix.
-->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<!--
there are 2 required init-params for this filter: casServerUrlPrefix
and serverName; these have been JNDI-fied as was just previously
described
-->
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.validation.Saml11TicketValidationFilter</param-value>
</init-param>
<!--
After a ticket validates, redirect to the same URL without the ticket
parameter, which keeps the ticket out of bookmarks and Referer headers.
-->
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<!--
Clock-drift allowance applied when checking the SAML assertion's validity
window; presumably milliseconds (5 s), to be confirmed against the CAS
client version in use. Keep it small and rely on time synchronisation
between the hosts: a larger value widens the window in which a captured
assertion is still accepted.
-->
<init-param>
<param-name>tolerance</param-name>
<param-value>5000</param-value>
</init-param>
</filter>
<!--
Wraps the CAS client filter that makes getRemoteUser() and getUserPrincipal()
on the request return the CAS-authenticated principal. Bypassed like the
other CAS filters when cas/enabled is false.
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param-value>
</init-param>
</filter>
<!--
Wraps the CAS client filter that exposes the current CAS assertion through a
thread-local, for code that has no access to the request or session.
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.util.AssertionThreadLocalFilter</param-value>
</init-param>
</filter>
<!--
URL-pattern filter-mappings are applied in the order they appear in web.xml,
so this sequence is the CAS chain order: sign out, authentication,
validation, request wrapper, thread local. Do not reorder them.
All five cover /*, so every request to this WAR, AJAX calls and static
resources included, passes through CAS when cas/enabled is true. A request
without an authenticated session is answered with a 302 to the CAS login
URL, which script-driven callers have to be prepared for.
-->
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
The purpose of the CasSecurityFilter is to extract the CAS authentication and
authorization information from the user principal and transform that into the
IV user and groups headers that netcds already understands

It is mapped to /login.jsp only, and its mapping is declared after the CAS
filter-mappings, so it runs once the CAS filters have handled the request.
NOTE(review): the iv-user / iv-groups values must come solely from the CAS
principal; confirm the filter overwrites any such headers sent by the client
instead of keeping or merging them, and what it does when cas/enabled is
false and no CAS principal exists.
-->
<filter>
<filter-name>CasSecurityFilter</filter-name>
<filter-class>com.accenture.security.servlet.CasSecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CasSecurityFilter</filter-name>
<url-pattern>/login.jsp</url-pattern>
</filter-mapping>
<!--
Identity agent filter, applied to /api/* and *.jsp after the CAS filters
(its mappings are declared later than theirs).
NOTE(review): identityTokenCookieName presumably names the cookie that carries
the identity token. Cookie attributes are not set in this file; confirm the
token cookie is issued with Secure and HttpOnly, otherwise an http://
serverName exposes it in cleartext.
-->
<filter>
<filter-name>IdentityServiceAgent</filter-name>
<filter-class>com.accenture.identity.agent.IdentityServiceGuestAgent</filter-class>
<init-param>
<param-name>identityTokenCookieName</param-name>
<param-value>NETCDS_TOKEN</param-value>
</init-param>
<init-param>
<param-name>configFile</param-name>
<param-value>/affor_runtime.properties</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>IdentityServiceAgent</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityServiceAgent</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<!-- End JAWR Configuration -->
<!-- Record username for logging purposes -->
<filter>
<filter-name>LoggingContextFilter</filter-name>
<filter-class>com.accenture.servlet.LoggingContextFilter</filter-class>
<init-param>
<param-name>username_context</param-name>
<param-value>netCDS workspace User Email</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>LoggingContextFilter</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LoggingContextFilter</filter-name>
<url-pattern>*.jsp</url-pattern>
</filter-mapping>
<filter>
<description>Set HTTP headers for a mapping.</description>
<filter-name>HeaderFilter</filter-name>
<filter-class>com.gestalt.dashboard.servlet.HeaderFilter</filter-class>
<init-param>
<description>Add an Expires Header</description>
<param-name>header</param-name>
<param-value>expires: FAR_FUTURE</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.gif</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.png</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.jpg</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<resource-ref id="ResourceRef_COP_DS">
<description>
</description>
<res-ref-name>jdbc/COP-DS</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<!--
references to required CAS init-param values defined in JNDI;
CAS requires these to be in the java:/comp/env context which is why
the resource-env-ref tags are being used
-->
<resource-env-ref>
<resource-env-ref-name>cas/casServerLoginUrl</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<resource-env-ref>
<resource-env-ref-name>cas/serverName</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<resource-env-ref>
<resource-env-ref-name>cas/casServerUrlPrefix</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<!--this is our own flag for enabling/disabling the cas security filters-->
<resource-env-ref>
<resource-env-ref-name>cas/enabled</resource-env-ref-name>
<resource-env-ref-type>java.lang.Boolean</resource-env-ref-type>
</resource-env-ref>
</web-app>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4" id="WebApp_NETCDS_WS">
<context-param>
<param-name>contextConfigLocation</param-name>
<!-- <param-value>/WEB-INF/applicationContext*.xml</param-value> -->
<param-value>
<!-- must load in this order for Websphere -->
/WEB-INF/classes/applicationContext-ds.xml
/WEB-INF/classes/applicationContext-affor-ibatis.xml
/WEB-INF/classes/applicationContext-affor.xml
/WEB-INF/classes/applicationContext-affor-search.xml
/WEB-INF/classes/applicationContext-netcdsws.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>MEL Upload Servlet</servlet-name>
<servlet-class>com.accenture.netcds.web.servlet.UploadServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>MEL Download Servlet</servlet-name>
<servlet-class>com.accenture.netcds.web.servlet.CustomDownloadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Spatial Data Upload Servlet</servlet-name>
<servlet-class>com.accenture.netcds.upload.SpatialDataUploadServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>Search Init Servlet</servlet-name>
<servlet-class>com.accenture.netcds.search.servlet.SearchInitServlet</servlet-class>
<load-on-startup>9</load-on-startup>
</servlet>
<!-- Jersey servlet (Spring-integrated) serving the REST resources registered by RegisterResources. -->
<servlet>
<servlet-name>REST Application</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<!--
Request filter that rewrites a POST carrying an X-HTTP-Method-Override header
to PUT/DELETE before the resource method is chosen.
NOTE(review): anything in front of this servlet that decides by HTTP method
(proxy rules, security-constraint http-method entries) still sees a POST, so
PUT/DELETE have to be authorized inside the resources, not by method upstream.
-->
<init-param>
<param-name>com.sun.jersey.spi.container.ContainerRequestFilters</param-name>
<param-value>com.sun.jersey.api.container.filter.PostReplaceFilter</param-value>
</init-param>
<init-param>
<param-name>javax.ws.rs.Application</param-name>
<param-value>com.accenture.netcds.api.rest.RegisterResources</param-value>
</init-param>
<!-- Package scanning is left disabled below; resources come from the Application class above. -->
<!--<init-param>-->
<!--<param-name>com.sun.jersey.config.property.packages</param-name>-->
<!--<param-value>com.accenture.netcds.api,com.accenture.rest</param-value>-->
<!--</init-param>-->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Map Icon Servlet</servlet-name>
<servlet-class>com.accenture.netcds.web.servlet.MapIconGenerationServlet</servlet-class>
</servlet>
<!-- filters will always run before servlets -->
<!-- User Access Control -->
<!--
The two init-params name the session attributes this filter works with
(organisation code and user e-mail); how it uses them is not visible here.
-->
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>com.accenture.fusebox.servlet.filter.SecurityFilter</filter-class>
<init-param>
<param-name>sessionKeyOrgCode</param-name>
<param-value>orgCode</param-value>
</init-param>
<init-param>
<param-name>sessionKeyEmail</param-name>
<param-value>netCDS workspace User Email</param-value>
</init-param>
</filter>
<!--
NOTE(review): URL-pattern filter-mappings run in the order they appear in
web.xml, and this one is declared before the CAS filter-mappings further
down. On /api/* the access-control filter therefore runs ahead of CAS
authentication and cannot see the CAS principal; confirm that is intended,
or move this mapping below the CAS ones.
-->
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/api/*</url-pattern>
</filter-mapping>
<!-- extension mapping -->
<servlet-mapping>
<servlet-name>REST Application</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Map Icon Servlet</servlet-name>
<url-pattern>/mapicon/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MEL Upload Servlet</servlet-name>
<url-pattern>/attachment-upload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MEL Download Servlet</servlet-name>
<url-pattern>/download-servlet</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Spatial Data Upload Servlet</servlet-name>
<url-pattern>/mapdataupload</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<listener>
<listener-class>com.accenture.netcds.web.listener.SessionListener</listener-class>
</listener>
<!--
The ConditionalFilter is a filter that controls access to another filter that
it wraps. The wrapped filter is specified by the 'wrapped-class'
init param. Access is controlled by the 'condition' init param which is
a reference to a Boolean value stored in JNDI. If the condition is
true all calls to the ConditionalFilter are passed on to the wrapped
filter. If the condition is false, in the case of the doFilter() method,
the ConditionalFilter will simply call the filter chain's doFilter method
and ignore the wrapped filter altogether.

NOTE(review): this is a fail-open switch. With cas/enabled = false every CAS
filter in this file is bypassed and requests reach the application without
CAS authentication. What the wrapper does when the JNDI lookup fails is not
visible here; confirm that case refuses requests instead of passing them on.
-->
<!--
Wraps the CAS client's single sign-out filter.
NOTE(review): the CAS client documentation pairs this filter with a
SingleSignOutHttpSessionListener, and no such listener is declared in this
web.xml. The documentation also describes an artifactParameterName setting
for SAML 1.1 deployments such as this one; only 'condition' and
'wrapped-class' are configured here. Confirm that sign-out requests from CAS
really end the local session.
-->
<filter>
<filter-name>CAS Single Sign Out Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.session.SingleSignOutFilter</param-value>
</init-param>
</filter>
<!--
Wraps the SAML 1.1 authentication filter, which sends requests that carry
neither an authenticated session nor a ticket to casServerLoginUrl, with the
service URL built from serverName as the TARGET parameter.
-->
<filter>
<filter-name>CAS Authentication Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<!--
there are 2 required init-params for this filter: casServerLoginUrl
and serverName; both of these are fully qualified domain names and
therefore, in the context of this configuration, they would be hard-coded;
because of this, and the fact that CAS will try to pull these values
from JNDI if they are not found here in the web context, these
init-params have been moved to JNDI via a combination of a
netcds-cas-server.xml file dropped into the jboss server deploy folder
(which loads the values into JNDI) and some resource-env-ref entries
here in this web.xml file and the jboss-web.xml file (which create
the links to these JNDI values)

NOTE(review): because these values live in JNDI, whoever can write to the
jboss deploy folder controls where users are sent to log in and which
scheme the service URL uses; serverName should be an https URL outside
development.
-->
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.authentication.Saml11AuthenticationFilter</param-value>
</init-param>
</filter>
<!--
Wraps the SAML 1.1 ticket validation filter, which validates the ticket on
the incoming request against the CAS server at casServerUrlPrefix.
-->
<filter>
<filter-name>CAS Validation Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<!--
there are 2 required init-params for this filter: casServerUrlPrefix
and serverName; these have been JNDI-fied as was just previously
described
-->
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.validation.Saml11TicketValidationFilter</param-value>
</init-param>
<!--
After a ticket validates, redirect to the same URL without the ticket
parameter, which keeps the ticket out of bookmarks and Referer headers.
-->
<init-param>
<param-name>redirectAfterValidation</param-name>
<param-value>true</param-value>
</init-param>
<!--
Clock-drift allowance applied when checking the SAML assertion's validity
window; presumably milliseconds (5 s), to be confirmed against the CAS
client version in use. Keep it small and rely on time synchronisation
between the hosts: a larger value widens the window in which a captured
assertion is still accepted.
-->
<init-param>
<param-name>tolerance</param-name>
<param-value>5000</param-value>
</init-param>
</filter>
<!--
Wraps the CAS client filter that makes getRemoteUser() and getUserPrincipal()
on the request return the CAS-authenticated principal. Bypassed like the
other CAS filters when cas/enabled is false.
-->
<filter>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</param-value>
</init-param>
</filter>
<!--
Wraps the CAS client filter that exposes the current CAS assertion through a
thread-local, for code that has no access to the request or session.
-->
<filter>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<filter-class>com.accenture.security.servlet.ConditionalFilter</filter-class>
<init-param>
<param-name>condition</param-name>
<param-value>cas/enabled</param-value>
</init-param>
<init-param>
<param-name>wrapped-class</param-name>
<param-value>org.jasig.cas.client.util.AssertionThreadLocalFilter</param-value>
</init-param>
</filter>
<!--
URL-pattern filter-mappings are applied in the order they appear in web.xml,
so this sequence is the CAS chain order: sign out, authentication,
validation, request wrapper, thread local. Do not reorder them.
All five cover /*, so every request to this WAR, including the /api/* calls
made by scripts in another application, passes through CAS when cas/enabled
is true. A request without an authenticated session is answered with a 302
to the CAS login URL, which script-driven callers have to be prepared for.
The SecurityFilter mapping for /api/* is declared earlier in this file and
therefore runs before these.
-->
<filter-mapping>
<filter-name>CAS Single Sign Out Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Validation Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Assertion Thread Local Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>IdentityServiceAgent</filter-name>
<filter-class>com.accenture.identity.agent.IdentityServiceGuestAgent</filter-class>
<init-param>
<param-name>identityTokenCookieName</param-name>
<param-value>NETCDS_TOKEN</param-value>
</init-param>
<init-param>
<param-name>configFile</param-name>
<param-value>/affor_runtime.properties</param-value>
</init-param>
</filter>
<!--
Adds the configured response header to matching requests. FAR_FUTURE is a
token interpreted by the filter class; presumably it yields an Expires date
far in the future so that clients cache the response.
-->
<filter>
<description>Set HTTP headers for a mapping.</description>
<filter-name>HeaderFilter</filter-name>
<filter-class>com.accenture.netcds.web.servlet.HeaderFilter</filter-class>
<init-param>
<description>Add an Expires Header</description>
<param-name>header</param-name>
<param-value>expires: FAR_FUTURE</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.gif</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.png</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>*.jpg</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<!--
NOTE(review): unlike the image patterns above, this is an /api/ path that
sits behind the CAS filters. Long-lived caching lets browsers and shared
caches keep the response, so confirm that what this endpoint returns is the
same for every user and contains nothing sensitive.
-->
<filter-mapping>
<filter-name>HeaderFilter</filter-name>
<url-pattern>/api/login/logo/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>IdentityServiceAgent</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<resource-ref id="ResourceRef_COP_DS">
<description>
</description>
<res-ref-name>jdbc/COP-DS</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Shareable</res-sharing-scope>
</resource-ref>
<!-- Used for MessAdmin tool, very helpful for identifying session issues. -->
<!--
DISABLED: troubleshooting aid. The mapping below would put the MessAdmin
filter on /* for every request. NOTE(review): if it is ever re-enabled,
confirm that access to the tool is restricted to administrators, and comment
it out again once the session issue is diagnosed.
-->
<!--
<filter>
<filter-name>MessAdminFilter</filter-name>
<filter-class>clime.messadmin.filter.MessAdminFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>MessAdminFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>clime.messadmin.core.MessAdminListener</listener-class>
</listener>
-->
<!--
references to required CAS init-param values defined in JNDI;
CAS requires these to be in the java:/comp/env context which is why
the resource-env-ref tags are being used
-->
<resource-env-ref>
<resource-env-ref-name>cas/casServerLoginUrl</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<resource-env-ref>
<resource-env-ref-name>cas/serverName</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<resource-env-ref>
<resource-env-ref-name>cas/casServerUrlPrefix</resource-env-ref-name>
<resource-env-ref-type>java.lang.String</resource-env-ref-type>
</resource-env-ref>
<!--this is our own flag for enabling/disabling the cas security filters-->
<resource-env-ref>
<resource-env-ref-name>cas/enabled</resource-env-ref-name>
<resource-env-ref-type>java.lang.Boolean</resource-env-ref-type>
</resource-env-ref>
</web-app>