A little note: if you choose to use the AuthenticationSupport API, here's how you would wire up the default implementation (it needs an instance of TicketRegistry):

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:c="http://www.springframework.org/schema/c"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <bean id="authenticationSupport"
          class="net.unicon.cas.addons.authentication.internal.DefaultAuthenticationSupport"
          c:ticketRegistry-ref="ticketRegistry"/>

</beans>

Note that it uses the Spring 3.1 'c' pseudo namespace for constructor args, so it needs a proper xmlns declaration in the beans element header so as to avoid any pain debugging if it fails. Of course this is just an example and you could choose not to use the 'c' namespace.

Hope this helps.
Dmitriy.

On Jan 8, 2013, at 3:23 PM, Dmitriy Kopylenko <[email protected]> wrote:

> After a successful CAS authentication, TGT ID (String representation of a
> ticket granting ticket id) should be available in the flow scope. You could
> then use a little helper API from cas-addons to get an authenticated
> principal by this TGT ID:
>
> https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java
> (getAuthenticatedPrincipalFrom(String) method) or you could roll your own.
>
> Cheers,
> Dmitriy.
>
> On Jan 8, 2013, at 3:01 PM, [email protected] wrote:
>
>> Thank you again for the info.
>> I was able to add an action to login-webflow.xml and create a flow that I
>> needed.
>>
>> I created a simple POJO with a method that takes String as a parameter.
>> The goal is to take the resolved principal id and pass it to this method.
>> Then this method will do the validation against DB2.
>>
>> I am currently trying to figure out how to obtain the resolved principal id
>> and use it in the method I created.
>> For test purposes I used flowScope.credentials.username as a parameter like
>> this:
>>
>> <evaluate expression="myPojo.myMethod(flowScope.credentials.username)" />
>>
>> but this gives me the login id, which is what the user entered on the form,
>> not the resolved ID that the program needs.
>>
>> I use CredentialsToLDAPAttributePrincipalResolver to get a different ID from
>> LDAP.
>>
>> I will continue to do research, but if you can point me to where the
>> resolved ID gets stored and how to access that in login-webflow.xml, that
>> will be great.
>>
>> Thank you,
>>
>> Ken Maruyama
>> Technical Architect
>> Fashion Institute of Design & Merchandising
>> 1-213-624-1201 Ex.4525
>> [email protected]
>>
>>
>> From: Dmitriy Kopylenko <[email protected]>
>> To: <[email protected]>
>> Date: 01/07/2013 04:21 PM
>> Subject: Re: [cas-user] Combine LDAP with SQL for validation
>>
>> Sent from my iPhone
>>
>> On Jan 7, 2013, at 16:49, "Ken Maruyama" <[email protected]> wrote:
>>
>> > Hi Dmitriy,
>> >
>> > I'm trying to follow your suggestion, but have some questions.
>> >
>> > First, when you say I should create an interface/impl, do you mean to
>> > create an implementation of AuthenticationHandler?
>>
>> No. I mean a separate API/Impl from the core CAS API. In other words a custom
>> API which should plug into the CAS login webflow.
>>
>> >
>> > Second, does adding an additional action mean adding a <bean> property in
>> > the authenticationHandlers section of the deployerConfigContext.xml?
>>
>> It would be a custom state definition in login-webflow.xml as well as any
>> custom beans in WEB-INF/spring-configuration.
>>
>> > uthenticationManagerImpl">
>> >     <property name="credentialsToPrincipalResolvers">
>> >         <list>
>> >             <bean class="org.jasig.cas.authentication.principal.CredentialsToLDAPAttributePrincipalResolver">
>> >                 <property name="credentialsToPrincipalResolver">
>> >                     <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
>> >                 </property>
>> >                 <property name="filter" value="(uid=%u)" />
>> >                 <property name="principalAttributeName" value="XXXXXXXXXXXXXX" />
>> >                 <property name="searchBase" value="o=XXXXXX,c=XXXXXX" />
>> >                 <property name="contextSource" ref="contextSource" />
>> >                 <property name="attributeRepository">
>> >                     <ref bean="attributeRepository" />
>> >                 </property>
>> >             </bean>
>> >             <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver">
>> >                 <property name="attributeRepository" ref="attributeRepository" />
>> >             </bean>
>> >             <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
>> >         </list>
>> >     </property>
>> >     <property name="authenticationHandlers">
>> >         <list>
>> >             <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
>> >                 p:httpClient-ref="httpClient" />
>> >             <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
>> >                 p:filter="uid=%u" p:searchBase="o=XXXXXXXXX,c=XXXXXXX"
>> >                 p:contextSource-ref="contextSource" />
>> >         </list>
>> >     </property>
>> > </bean>
>> >
>> > <sec:user-service id="userDetailsService">
>> >     <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
>> > </sec:user-service>
>> >
>> > <bean id="attributeRepository" class="org.jasig.services.persondir.support.StubPersonAttributeDao">
>> >     <property name="backingMap">
>> >         <map>
>> >             <entry key="uid" value="uid" />
>> >             <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
>> >             <entry key="groupMembership" value="groupMembership" />
>> >         </map>
>> >     </property>
>> > </bean>
>> >
>> > <bean id="serviceRegistryDao" class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
>> >     <property name="registeredServices">
>> >         <list>
>> >             <bean class="org.jasig.cas.services.RegexRegisteredService">
>> >                 <property name="id" value="0" />
>> >                 <property name="name" value="HTTP and IMAP" />
>> >                 <property name="description" value="Allows HTTP(S) and IMAP(S) protocols" />
>> >                 <property name="serviceId" value="^(https?|imaps?)://.*" />
>> >                 <property name="evaluationOrder" value="10000001" />
>> >             </bean>
>> >         </list>
>> >     </property>
>> > </bean>
>> >
>> > <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
>> >
>> > <bean id="healthCheckMonitor" class="org.jasig.cas.monitor.HealthCheckMonitor">
>> >     <property name="monitors">
>> >         <list>
>> >             <bean class="org.jasig.cas.monitor.MemoryMonitor" p:freeMemoryWarnThreshold="10" />
>> >             <bean class="org.jasig.cas.monitor.SessionMonitor"
>> >                 p:ticketRegistry-ref="ticketRegistry"
>> >                 p:serviceTicketCountWarnThreshold="5000"
>> >                 p:sessionCountWarnThreshold="100000" />
>> >         </list>
>> >     </property>
>> > </bean>
>> >
>> > <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
>> >     <property name="pooled" value="false" />
>> >     <property name="url" value="ldaps://XXXXXXXXX:636" />
>> >     <property name="baseEnvironmentProperties">
>> >         <map>
>> >             <entry key="com.sun.jndi.ldap.connect.timeout" value="3000" />
>> >             <entry key="com.sun.jndi.ldap.read.timeout" value="3000" />
>> >             <entry key="java.naming.security.authentication" value="simple" />
>> >         </map>
>> >     </property>
>> > </bean>
>> > </beans>
>> >
>> > --
>> > You are currently subscribed to [email protected] as:
>> > [email protected]
>> > To unsubscribe, change settings or access archives, see
>> > http://www.ja-sig.org/wiki/display/JSG/cas-user
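As an added example (not code from this thread, from CAS, or from cas-addons), here is one shape the custom action Dmitriy describes could take: a POJO wired as a Spring bean that receives the TGT ID from flow scope, resolves the authenticated principal through AuthenticationSupport, and checks the resolved id against a DB2 table with a parameterized query. The following are assumptions, not facts from the thread: that the flow-scope variable is named `ticketGrantingTicketId`, that `getAuthenticatedPrincipalFrom(String)` returns `org.jasig.cas.authentication.principal.Principal` and yields null for an unknown or expired TGT, the table and column names, and the use of Spring's JdbcTemplate for the DB2 lookup.

```java
package example.cas; // hypothetical package for the example

import net.unicon.cas.addons.authentication.AuthenticationSupport;
import org.jasig.cas.authentication.principal.Principal;
import org.springframework.jdbc.core.JdbcTemplate;

/**
 * Hypothetical webflow helper. It validates the RESOLVED principal id (the
 * value CredentialsToLDAPAttributePrincipalResolver produced) rather than
 * flowScope.credentials.username, which is only what the user typed in.
 */
public class Db2PrincipalValidator {

    // Table and column names are constructed for this example.
    private static final String ACTIVE_USER_QUERY =
        "SELECT COUNT(*) FROM APP.AUTHORIZED_USERS WHERE USER_ID = ? AND STATUS = 'ACTIVE'";

    private final AuthenticationSupport authenticationSupport;
    private final JdbcTemplate jdbcTemplate;

    public Db2PrincipalValidator(AuthenticationSupport authenticationSupport,
                                 JdbcTemplate jdbcTemplate) {
        this.authenticationSupport = authenticationSupport;
        this.jdbcTemplate = jdbcTemplate;
    }

    /**
     * Intended to be called from login-webflow.xml, for example:
     *   <evaluate expression="db2PrincipalValidator.isAuthorized(flowScope.ticketGrantingTicketId)" />
     * (flow-scope variable name assumed.)
     *
     * Returns true only when the TGT still resolves to a principal AND that
     * principal's id is present and active in DB2. Any failure to resolve the
     * principal is treated as "not authorized" rather than as an error.
     */
    public boolean isAuthorized(String ticketGrantingTicketId) {
        if (ticketGrantingTicketId == null || ticketGrantingTicketId.isEmpty()) {
            return false; // no TGT in flow scope: nothing to validate
        }

        // Assumption: returns null when the ticket registry has no live TGT with this id.
        Principal principal = authenticationSupport.getAuthenticatedPrincipalFrom(ticketGrantingTicketId);
        if (principal == null || principal.getId() == null || principal.getId().isEmpty()) {
            return false;
        }

        // The id is bound as a JDBC parameter; it is never concatenated into the SQL text.
        Integer matches = jdbcTemplate.queryForObject(ACTIVE_USER_QUERY, Integer.class, principal.getId());
        return matches != null && matches > 0;
    }
}
```

In the flow definition the `<evaluate>` above would sit in an action-state; Spring Webflow maps a boolean action result to the `yes`/`no` transition names, so the state can route `yes` on to ticket creation and `no` to an error view. Resolving the principal from the TGT means the check runs against the identity the LDAP resolver actually established, not against the form input.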
