Thanks very-very much!
________________________________
From: Modi Tamam <[email protected]>
To: [email protected]
Sent: Sunday, February 17, 2013 5:29 PM
Subject: Re: [cas-user] Non-browser client

Hi,

I find the restlet-integration project quite annoying, old and not required. Instead, I added a REST API based on Spring-MVC. I'm attaching the two files that are responsible for generating:

1. Ticket Granting - Ticket
2. Service Ticket

Please add them to the cas-server-core\src\main\java\org\jasig\cas\web folder.

In order to add both of the attached controllers to your CAS server, add the next lines to your applicationContext.xml:

    <mvc:annotation-driven />
    <bean id="ticketGrantingTicketResource" class="org.jasig.cas.web.TicketGrantingTicketResourceController" />
    <bean id="serviceTicketResource" class="org.jasig.cas.web.ServiceTicketResourceController" p:httpClient-ref="httpClient"/>

Then you should map those URLs to the dispatcher servlet, so add the next lines to your web.xml:

    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/tickets/granting-tickets</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>cas</servlet-name>
        <url-pattern>/tickets/services</url-pattern>
    </servlet-mapping>
    <session-config>

Your client should perform the next steps:

1. Get a granting ticket by sending the user name and password as request parameters:
   https://<Your server and port>/cas-server/tickets/granting-tickets?username=X78&password=X78
   The response will contain a TGT.
2. Use the TGT from the previous step to get a Service Ticket (ST):
   https://<Your server and port>/cas-server/tickets/services?tgt=<TGT From step 1>&service=https://<Your client server and port>/cas-client/cas_security_check
   The response will contain the service ticket.
3. Validate the ST from the previous step:
   https://<Your client server>/cas-client/cas_security_check?ticket=<ST from step 2>

All of the future requests which target your client application must hold the session ID (as a Cookie) of the request from step 3 (that's how the CAS client figures out that you are an already authenticated client).

If you find an easier way, please let me know.

On Sun, Feb 17, 2013 at 12:15 PM, Greg Smith <[email protected]> wrote:

Initially we made the app behave like a browser and the user entered credentials via the Java app, which were then used. We have since integrated with a Java SSO client that can access the domain credentials, negating the need for the user to enter details.

>On 17 Feb 2013 08:34, "sol myr" <[email protected]> wrote:
>
>>Hi,
>>We have a legacy non-browser client application (Swing), which does most of
>>the work locally on the client machine, but occasionally contacts the server
>>using HttpClient (e.g. REST api to "upload work to server").
>>The server is a Java web-application on Tomcat.
>>
>>Is there an easy way to add CAS protection to this?
>>I saw the REST documentation: https://wiki.jasig.org/display/CASUM/RESTful+API
>>But wasn't sure how the complete flow should be... I could start with a
>>Swing login form, and use the credentials to obtain a TicketGrantingTicket
>>via RESTful API.
>>But once I obtained a TicketGrantingTicket... what next?
>>I know the flow for *Browser* applications, so one solution could be
>>imitating browser behavior, in terms of redirects and cookies (follow the CAS
>>redirect that adds "ticket" parameter representing ServiceTicket; then follow
>>the ValidationFilter redirect that removes this "ticket" parameter; and
>>finally get a JSESSIONID cookie which should be sent in subsequent requests).
>>
>>But is there any easier API for non-browser applications?
>>One that involves less 'redirects' and less cookies?
>>
>>Thanks
>>
>>--
>>You are currently subscribed to [email protected] as: [email protected]
>>To unsubscribe, change settings or access archives, see
>>http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Best Regards
Mordechai Tamam
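
The three client steps described in the reply above, as an added example that is not part of the original thread or of CAS; it is sketched in Python rather than the thread's Java and percent-encodes every parameter, since the `service` value is itself a URL. The host names, the `send` transport, the plain-text ticket response bodies and the stub server are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

CAS = "https://cas.example.org/cas-server"   # placeholder CAS server base URL
APP = "https://app.example.org/cas-client"   # placeholder client application base URL
SERVICE = APP + "/cas_security_check"

def tgt_url(username, password):
    # Step 1: urlencode escapes '&', '=' and '+' that may occur in a password.
    return CAS + "/tickets/granting-tickets?" + urlencode(
        {"username": username, "password": password})

def st_url(tgt):
    # Step 2: the service value is itself a URL and must be percent-encoded.
    return CAS + "/tickets/services?" + urlencode({"tgt": tgt, "service": SERVICE})

def validate_url(st):
    # Step 3: present the service ticket to the application's CAS client filter.
    return SERVICE + "?" + urlencode({"ticket": st})

def login(send, username, password):
    """Run steps 1-3; `send(url)` is a hypothetical transport returning (body, cookies)."""
    tgt = send(tgt_url(username, password))[0].strip()
    if not tgt:
        raise PermissionError("no TGT issued")
    st = send(st_url(tgt))[0].strip()
    if not st:
        raise PermissionError("no service ticket issued")
    # The session cookie set here must accompany every later request to the application.
    return send(validate_url(st))[1]

def fake_send(url):
    """Constructed stand-in for both servers so the example runs offline."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if parts.path.endswith("/tickets/granting-tickets"):
        ok = (q.get("username"), q.get("password")) == ("alice", "p&ss=w+rd")
        return ("TGT-1-constructed" if ok else ""), {}
    if parts.path.endswith("/tickets/services"):
        ok = (q.get("tgt"), q.get("service")) == ("TGT-1-constructed", SERVICE)
        return ("ST-1-constructed" if ok else ""), {}
    if q.get("ticket") == "ST-1-constructed":
        return "", {"JSESSIONID": "constructed-session-id"}
    return "", {}

if __name__ == "__main__":
    print(login(fake_send, "alice", "p&ss=w+rd"))
```

Steps 1 and 2 carry the password and the TGT in the query string, so both values appear wherever full request URLs are recorded, such as server access logs.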
