-Scott
Hi,
I have CAS set up and exposed via XFire to allow me to use my own secured web services. I have rewritten the CentralAuthenticationService interface so that I pass UsernamePasswordCredentials rather than the Credentials interface, and this is what CAS exposes for me.
My client application wishing to gain access to my service runs the following calls:
// Construct web service interface
UsernamePasswordCentralAuthenticationService authService =
    (UsernamePasswordCentralAuthenticationService) factory.create(casModel, "http://localhost:8080/cas/CentralAuthenticationService");
// Construct a credentials object
UsernamePasswordCredentials creds = new UsernamePasswordCredentials();
creds.setUsername("admin");
creds.setPassword("admin");
// Get a TGT for the supplied creds
String ticketGrantingTicket = authService.createTicketGrantingTicket(creds);
// Get an ST for the TGT and service I want to access
String serviceTicket = authService.grantServiceTicket(ticketGrantingTicket, "http://localhost:8080/j_acegi_cas_security_check");
// Supply the credentials to the service I wish to access
UsernamePasswordCredentials serviceCreds = new UsernamePasswordCredentials();
// Set on serviceCreds, the object that is passed to the target service
serviceCreds.setUsername(CasProcessingFilter.CAS_STATELESS_IDENTIFIER);
serviceCreds.setPassword(serviceTicket);
... then construct the web service interface for the service I want to call and pass the serviceCreds. All of this works just great and I can call my secured services.
The problem I have is I don't really understand how to get the service above to authenticate with backend services. I'm assuming this is proxy authentication.
The CentralAuthenticationService interface provides me with the interface below. I wonder which methods I need to call to obtain a PGT and an ST for that PGT (if that's even correct). Any help would be greatly appreciated.
public interface CentralAuthenticationService {

    /**
     * Create a TicketGrantingTicket based on opaque credentials supplied by the
     * caller.
     *
     * @param credentials The credentials to create the ticket for
     * @return The String identifier of the ticket (may not be null).
     * @throws TicketException if ticket cannot be created
     */
    String createTicketGrantingTicket(Credentials credentials)
        throws TicketException;

    /**
     * Grant a ServiceTicket for a Service.
     *
     * @param ticketGrantingTicketId Proof of prior authentication.
     * @param service The target service of the ServiceTicket.
     * @return the ServiceTicket for target Service.
     * @throws TicketException if the ticket could not be created.
     */
    String grantServiceTicket(String ticketGrantingTicketId, Service service)
        throws TicketException;

    /**
     * Grant a ServiceTicket for a Service *if* the principal resolved from the
     * credentials matches the principal associated with the
     * TicketGrantingTicket.
     *
     * @param ticketGrantingTicketId Proof of prior authentication.
     * @param service The target service of the ServiceTicket.
     * @param credentials the Credentials to present to receive the
     * ServiceTicket
     * @return the ServiceTicket for target Service.
     * @throws TicketException if the ticket could not be created.
     */
    String grantServiceTicket(final String ticketGrantingTicketId,
        final Service service, final Credentials credentials)
        throws TicketException;

    /**
     * Validate a ServiceTicket for a particular Service.
     *
     * @param serviceTicketId Proof of prior authentication.
     * @param service Service wishing to validate a prior authentication.
     * @return ServiceTicket if valid for the service
     * @throws TicketException if there was an error validating the ticket.
     */
    Assertion validateServiceTicket(final String serviceTicketId,
        final Service service) throws TicketException;

    /**
     * Destroy a TicketGrantingTicket. This has the effect of invalidating any
     * Ticket that was derived from the TicketGrantingTicket being destroyed.
     *
     * @param ticketGrantingTicketId the id of the ticket we want to destroy
     */
    void destroyTicketGrantingTicket(final String ticketGrantingTicketId);

    /**
     * Delegate a TicketGrantingTicket to a Service for proxying authentication
     * to other Services.
     *
     * @param serviceTicketId The service ticket that will delegate to a
     * TicketGrantingTicket
     * @param credentials The credentials of the service that wishes to have a
     * TicketGrantingTicket delegated to it.
     * @return TicketGrantingTicket that can grant ServiceTickets that proxy
     * authentication.
     * @throws TicketException if there was an error creating the ticket
     */
    String delegateTicketGrantingTicket(final String serviceTicketId,
        final Credentials credentials) throws TicketException;
}
Cheers,
Ian Packard
Senior Software Engineer
CSW Group Ltd
********************************************
Registered Office and Contact Address:
4240 Nash Court
Oxford Business Park South
Oxford
UK
OX4 2RU
Tel: +44/0 1865 337400
Fax: +44/0 1865 337433
Web: http://www.csw.co.uk
Registered in England No. 4198197
Legal Disclaimer : http://www.csw.co.uk/disclaimer.htm
********************************************
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
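
The ticket chain that the interface's Javadoc describes, as an added example that is not part of the original message and is not CAS code: a small in-memory model that reuses the interface's method names. Services and credentials are plain strings, ticket ids and the backend URL are constructed placeholders, and credential checks are omitted (all assumptions).

```java
import java.util.*;

// Added illustration only: an in-memory stand-in for the ticket chain, NOT CAS code.
// Ticket ids are constructed; credential verification is deliberately left out.
public class ProxyTicketChainDemo {
    // ticket id -> parent ticket id (null for a TGT created from user credentials)
    private final Map<String, String> parent = new HashMap<>();
    private int counter = 0;

    private String issue(String prefix, String parentId) {
        String id = prefix + "-" + (++counter);
        parent.put(id, parentId);
        return id;
    }
    private void requireLive(String id, String prefix) {
        if (id == null || !id.startsWith(prefix) || !parent.containsKey(id))
            throw new IllegalStateException("unknown or destroyed ticket: " + id);
    }
    String createTicketGrantingTicket(String user) { return issue("TGT", null); }

    // Accepts a user's TGT and a delegated TGT alike; only the parent differs.
    String grantServiceTicket(String tgtId, String service) {
        requireLive(tgtId, "TGT");
        return issue("ST", tgtId);
    }
    // The ST presented to the first service is exchanged for a delegated TGT.
    String delegateTicketGrantingTicket(String stId, String serviceCredentials) {
        requireLive(stId, "ST");
        return issue("TGT", stId);
    }
    // Destroying a TGT removes it and every ticket derived from it.
    void destroyTicketGrantingTicket(String tgtId) {
        Deque<String> todo = new ArrayDeque<>();
        todo.push(tgtId);
        while (!todo.isEmpty()) {
            String dead = todo.pop();
            parent.remove(dead);
            parent.forEach((id, p) -> { if (dead.equals(p)) todo.push(id); });
        }
    }
    public static void main(String[] args) {
        ProxyTicketChainDemo cas = new ProxyTicketChainDemo();
        String tgt = cas.createTicketGrantingTicket("admin");
        String st = cas.grantServiceTicket(tgt, "http://localhost:8080/j_acegi_cas_security_check");
        String pgt = cas.delegateTicketGrantingTicket(st, "first-service-credentials (placeholder)");
        String pt = cas.grantServiceTicket(pgt, "http://backend.example/service (placeholder)");
        System.out.println(tgt + " -> " + st + " -> " + pgt + " -> " + pt);
        cas.destroyTicketGrantingTicket(tgt);
        try { cas.grantServiceTicket(pgt, "http://backend.example/service (placeholder)"); }
        catch (IllegalStateException e) { System.out.println("after destroy: " + e.getMessage()); }
    }
}
```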
