Hi,

I have CAS set up and exposed via Xfire to allow me to use my
own secured web services. I have re-written the CentralAuthenticationService
interface so I pass UsernamePasswordCredentials rather than the Credentials
interface, and this is what CAS exposes for me.

My client application wishing to gain access to my service
runs the following calls....

    // Construct web service interface
    UsernamePasswordCentralAuthenticationService authService =
        (UsernamePasswordCentralAuthenticationService) factory.create(casModel,
            "http://localhost:8080/cas/CentralAuthenticationService");

    // Construct a credentials object
    UsernamePasswordCredentials creds = new UsernamePasswordCredentials();
    creds.setUsername("admin");
    creds.setPassword("admin");

    // Get a TGT for the supplied creds
    String ticketGrantingTicket = authService.createTicketGrantingTicket(creds);

    // Get an ST for the TGT and service I want to access
    String serviceTicket = authService.grantServiceTicket(ticketGrantingTicket,
        "http://localhost:8080/j_acegi_cas_security_check");

    // Supply the credentials to the service I wish to access
    UsernamePasswordCredentials serviceCreds = new UsernamePasswordCredentials();
    serviceCreds.setUsername(CasProcessingFilter.CAS_STATELESS_IDENTIFIER);
    serviceCreds.setPassword(serviceTicket);

..... then construct the web service interface for the
service I want to call and pass the serviceCreds.

All of this works just great
and I can call my secured services.

The problem I have is I don't really understand how to
get the service above to authenticate with backend services. I'm assuming
this is proxy authentication.

The CentralAuthenticationService interface provides me with
the interface below. I wonder which methods I need to call to obtain a PGT and
an ST for that PGT (if that's even correct). Any help would be greatly
appreciated.

    public interface CentralAuthenticationService {

        /**
         * Create a TicketGrantingTicket based on opaque credentials supplied by the
         * caller.
         *
         * @param credentials The credentials to create the ticket for
         * @return The String identifier of the ticket (may not be null).
         * @throws TicketException if ticket cannot be created
         */
        String createTicketGrantingTicket(Credentials credentials)
            throws TicketException;

        /**
         * Grant a ServiceTicket for a Service.
         *
         * @param ticketGrantingTicketId Proof of prior authentication.
         * @param service The target service of the ServiceTicket.
         * @return the ServiceTicket for target Service.
         * @throws TicketException if the ticket could not be created.
         */
        String grantServiceTicket(String ticketGrantingTicketId, Service service)
            throws TicketException;

        /**
         * Grant a ServiceTicket for a Service *if* the principal resolved from the
         * credentials matches the principal associated with the
         * TicketGrantingTicket.
         *
         * @param ticketGrantingTicketId Proof of prior authentication.
         * @param service The target service of the ServiceTicket.
         * @param credentials the Credentials to present to receive the
         * ServiceTicket
         * @return the ServiceTicket for target Service.
         * @throws TicketException if the ticket could not be created.
         */
        String grantServiceTicket(final String ticketGrantingTicketId,
            final Service service, final Credentials credentials)
            throws TicketException;

        /**
         * Validate a ServiceTicket for a particular Service.
         *
         * @param serviceTicketId Proof of prior authentication.
         * @param service Service wishing to validate a prior authentication.
         * @return ServiceTicket if valid for the service
         * @throws TicketException if there was an error validating the ticket.
         */
        Assertion validateServiceTicket(final String serviceTicketId,
            final Service service) throws TicketException;

        /**
         * Destroy a TicketGrantingTicket. This has the effect of invalidating any
         * Ticket that was derived from the TicketGrantingTicket being destroyed.
         *
         * @param ticketGrantingTicketId the id of the ticket we want to destroy
         */
        void destroyTicketGrantingTicket(final String ticketGrantingTicketId);

        /**
         * Delegate a TicketGrantingTicket to a Service for proxying authentication
         * to other Services.
         *
         * @param serviceTicketId The service ticket that will delegate to a
         * TicketGrantingTicket
         * @param credentials The credentials of the service that wishes to have a
         * TicketGrantingTicket delegated to it.
         * @return TicketGrantingTicket that can grant ServiceTickets that proxy
         * authentication.
         * @throws TicketException if there was an error creating the ticket
         */
        String delegateTicketGrantingTicket(final String serviceTicketId,
            final Credentials credentials) throws TicketException;
    }

Cheers,

Senior Software Engineer
CSW Group Ltd
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
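
An added example, not part of the original post and not CAS code: a toy in-memory model of the ticket chain that the interface's Javadoc describes. It shows the call order for proxying (service ticket, then delegateTicketGrantingTicket, then grantServiceTicket on the delegated ticket) and that destroying the original TGT also invalidates the tickets derived from it. The class name, ticket-id format, string credentials and backend URL are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

/** Toy in-memory model of the ticket chain described by the interface (not CAS code). */
public class ProxyTicketFlow {
    // ticket id -> id of the ticket it was derived from (null for a root TGT)
    private final Map<String, String> parent = new HashMap<>();

    private String issue(String prefix, String parentId) {
        String id = prefix + "-" + UUID.randomUUID(); // hypothetical id format
        parent.put(id, parentId);
        return id;
    }

    private void require(String id, String prefix) {
        if (id == null || !id.startsWith(prefix + "-") || !parent.containsKey(id))
            throw new IllegalStateException("not a live " + prefix + ": " + id);
    }

    public boolean isLive(String id) { return parent.containsKey(id); }

    public String createTicketGrantingTicket(String principal) { return issue("TGT", null); }

    public String grantServiceTicket(String tgtId, String service) {
        require(tgtId, "TGT");
        return issue("ST", tgtId);
    }

    /** The service trades the ST it was handed, plus its own credentials, for a delegated TGT. */
    public String delegateTicketGrantingTicket(String stId, String serviceCredentials) {
        require(stId, "ST");
        if (serviceCredentials == null || serviceCredentials.isEmpty())
            throw new IllegalArgumentException("service credentials required");
        return issue("TGT", stId);
    }

    public void destroyTicketGrantingTicket(String tgtId) {
        parent.remove(tgtId);
        // Repeatedly drop tickets whose parent is gone, so the whole derived chain dies.
        while (parent.entrySet().removeIf(
                e -> e.getValue() != null && !parent.containsKey(e.getValue()))) { }
    }

    public static void main(String[] args) {
        ProxyTicketFlow cas = new ProxyTicketFlow();
        String tgt = cas.createTicketGrantingTicket("admin");
        String st = cas.grantServiceTicket(tgt, "http://localhost:8080/j_acegi_cas_security_check");
        String pgt = cas.delegateTicketGrantingTicket(st, "constructed-service-credentials");
        String backendSt = cas.grantServiceTicket(pgt, "http://localhost:8080/backend-service"); // hypothetical URL
        cas.destroyTicketGrantingTicket(tgt); // logout of the original session
        System.out.println("backend ticket still live: " + cas.isLive(backendSt));
    }
}
```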
