Hmmm...I was thinking maybe we were now able to do some vague
equivalent of getUserPrincipal (i.e. return java.security.Principal).
Not to be. The Assertion class has a getPrincipal method which returns
an org.jasig.cas.authentication.principal.Principal object which does not
in any way relate to the java.security.Principal interface (or does
it?...I think it should).
Actually, instead of doing the above, the CAS client should be able to
populate the HTTP request (just like it does with
request.getRemoteUser()) so that:
A. request.getUserPrincipal() will generate an object implementing
the java.security.Principal interface (and perhaps more), which is
probably possible only if
B. request.isUserInRole("role name") is true for perhaps any string
(and specific role name if there is some way to build roles awareness
into the login)
This will go a long way in compliance with servlet standard...even if B
would be "pseudo-compliance". But way out of my league already...
Scott: This is already in the cards with SAML (right?). Or should I
open an enhancement request in JIRA?
Let me know, otherwise I am done with this 3.0.0 and will move on to
production with Yale client 2.1.1 instead. Reason: it seems to have much
less overhead in terms of jars and surgery within WEB-INF (web.xml).
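
The request behaviour asked for in the message above, as an added example that is not part of the original message and is not CAS client code: a wrapper that turns the name already available from request.getRemoteUser() into a java.security.Principal. The class names and the grantedRoles set are hypothetical, the servlet API must be on the classpath, and isUserInRole here answers true only for roles the application has explicitly granted.

```java
import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Added example (hypothetical class): standard servlet security view of an upstream login. */
public class PrincipalRequestWrapper extends HttpServletRequestWrapper {

    /** Minimal java.security.Principal carrying only the authenticated name. */
    static final class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal && name.equals(((NamedPrincipal) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public String toString() { return name; }
    }

    private final Principal principal;  // null when nobody is authenticated
    private final Set<String> roles;    // roles granted by the application (hypothetical source)

    public PrincipalRequestWrapper(HttpServletRequest request, Set<String> grantedRoles) {
        super(request);
        // Assumption: an upstream authentication filter already populated getRemoteUser().
        String user = request.getRemoteUser();
        this.principal = (user == null) ? null : new NamedPrincipal(user);
        // Defensive copy so later changes by the caller cannot widen access.
        this.roles = new HashSet<String>(grantedRoles);
    }

    @Override public Principal getUserPrincipal() {
        return principal;
    }

    @Override public String getRemoteUser() {
        return principal == null ? null : principal.getName();
    }

    /** Fails closed: unauthenticated requests and unknown role names get false. */
    @Override public boolean isUserInRole(String role) {
        return principal != null && role != null && roles.contains(role);
    }
}
```

A filter mapped after the authentication filter would pass `new PrincipalRequestWrapper(request, roles)` down the chain in place of the original request.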
________________________________
From: [EMAIL PROTECTED]
On Behalf Of Uday Kari
Sent: Wednesday, May 09, 2007 10:36 AM
To: Yale CAS mailing list
Subject: RE: CAS Java Client 3.0.0 Install ERROR Report
<%@ page import="org.jasig.cas.client.validation.Assertion" %>
<%@ page import="org.jasig.cas.client.web.filter.AbstractCasFilter" %>
________________________________
From: [EMAIL PROTECTED]
On Behalf Of Uday Kari
Sent: Wednesday, May 09, 2007 10:26 AM
To: Yale CAS mailing list
Subject: RE: CAS Java Client 3.0.0 Install ERROR Report
Thanks, Scott. JIRA is done.
Continuing this 3.0.0 install though, I am at the very last step...
final Assertion assertion = (Assertion)
session.getAttribute(AbstractCasFilter.CONST_ASSERTION);
Perhaps I am the only one who has never heard of a java class called
"Assertion" and no amount of googling is helping me! Specifically, in
order to use this in my jsp, what class do I need to import into my jsp?
________________________________
From: [EMAIL PROTECTED]
On Behalf Of Scott Battaglia
Sent: Wednesday, May 09, 2007 9:36 AM
To: Yale CAS mailing list
Subject: Re: CAS Java Client 3.0.0 Install ERROR Report
Most servers enforce SSL at the server level (i.e. Apache rewrite rules,
etc.).
Neither the CAS client from Yale nor JA-SIG requires SSL (whether your
application needs SSL is a local decision) and will respond accordingly
to both http and https. That's why the CAS clients try to best "guess"
whether you need http or https.
If you need to specify SSL, you can specify the complete service url.
Also, if you submit a JIRA issue I can try and add a feature such that
the CAS client accepts either (a) service url, (b) host and port, or (c)
protocol + host + port. We can attempt to get that in for the 3.1
release.
Thanks
-Scott
On 5/9/07, Uday Kari <[EMAIL PROTECTED]> wrote:
Thanks. Yes, I figured that. I am no expert in SSL, but I believe that
is indeed expected application behavior from a common sense user
perspective. For instance, go to www.bankofamerica.com or fidelity.com;
they immediately morph from http to https (everything, including
unsecured portions of the website is then served up over SSL). Unclear
if this should be enforced by the client...(that is for you to
judge)...but the "other" CAS client..."Yale?" (casclient-2.1.1.jar)
certainly seems to work that way.
________________________________
From: [EMAIL PROTECTED]
On Behalf Of Scott Battaglia
Sent: Wednesday, May 09, 2007 1:59 AM
To: Yale CAS mailing list
Subject: Re: CAS Java Client 3.0.0 Install ERROR Report
The CAS clients (both the 2.x and the 3.x version) obtain the http or
https prefix from the url provided when attempting to access a page. So
if you want your application accessed securely you have two options:
1. provide an exact service url that is https
2. always access your application over https
In your case you accessed the page via http and when the client
constructed the service url it grabbed "http".
-Scott
On 5/8/07, Uday Kari <[EMAIL PROTECTED]> wrote:
OK, got past all the below, but still no cigar. I'll try to explain.
Basically, after SSO login, the returned URL has http instead of https
in it.
Is this a documentation doo-dah? Here is my cas-client.properties file:
cas.server.gateway=false
cas.server.renew=false
cas.server.url=https://cas-server:8443/cas/
cas.server.proxyCallbackUrl=https://cas-server:8443/manager/proxy/Receptor
cas.client.serverName=client-host:8443
cas.client.proxyCallbackUrl=https://client-host:8443/test/casProxyReceptor
Everything else is as below. Specifically, web.xml and
securityConfiguration.xml same as instructions in the URL, but for the
mods below.
Reproduce steps:
1. Try http://client-host:8080/test/protected/hw.jsp
2. Go to login page.
3. Login as userid=password
4. returned to http://client-host:8443/test/protected/hw.jsp?ticket...
PLEASE NOTE THAT https is missing and adding that "s" to the url above
makes it work.
What gives? My brain is fried...any help appreciated...
-----Original Message-----
From: [EMAIL PROTECTED]
On Behalf Of Uday Kari
Sent: Tuesday, May 08, 2007 4:34 PM
To: Yale CAS mailing list
Subject: RE: CAS Java Client 3.0.0 Install ERROR Report
1. Contents of securityConfiguration.xml identical to
http://www.ja-sig.org/products/cas/client/client-java/index.html
2. Seems like version mismatch between the illustrative XML in the
example and the version in CAS Java Client 3.0.0 for the following
class:
org.jasig.cas.client.validation.Cas20ProxyTicketValidator
Specifically, example on above URL has six (6) number of constructor
args in the securityConfiguration.xml and the actual code accepts either
five (5) or eight (8). Ugh! Sloppy, sloppy...I guess that URL needs to
be updated...
XML Sample
-----------
<bean id="ticketValidator"
      class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
    <constructor-arg index="0" value="${cas.server.url}"/>
    <constructor-arg index="1" value="${cas.server.renew}"/>
    <constructor-arg index="2" ref="httpClient"/>
    <!--
    ////////////////////////////////////////////////////////
    // Looks like we need to comment this bad boy out
    //
    <constructor-arg index="3">
        <bean class="org.jasig.cas.authentication.principal.SimpleService">
            <constructor-arg value="${cas.client.proxyCallbackUrl}"/>
        </bean>
    </constructor-arg>
    ////////////////////////////////////////////////////////
    // And change the following to 3, 4 respectively
    //
    -->
    <constructor-arg index="3"><list></list></constructor-arg>
    <constructor-arg index="4" value="true"/>
</bean>
Code within CAS Java Client 3.0.0
-----------------------------------
public Cas20ProxyTicketValidator(final String casServerUrl,
                                 final boolean renew,
                                 final HttpClient httpClient,
                                 List proxyChains,
                                 boolean acceptAnyProxy)

public Cas20ProxyTicketValidator(final String casServerUrl,
                                 final boolean renew,
                                 final HttpClient httpClient,
                                 final Service proxyCallbackUrl,
                                 List proxyChains,
                                 boolean acceptAnyProxy,
                                 final ProxyGrantingTicketStorage proxyGrantingTicketStorage,
                                 final ProxyRetriever proxyRetriever)
-----Original Message-----
From: [EMAIL PROTECTED]
On Behalf Of Uday Kari
Sent: Tuesday, May 08, 2007 3:52 PM
To: Yale CAS mailing list
Subject: CAS Java Client 3.0.0 Install ERROR Report
Please note the error below:
Exception sending context initialized event to listener instance of
class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'ticketValidator' defined in
ServletContext resource [/WEB-INF/securityConfiguration.xml]: 6
constructor arguments specified but no matching constructor found in
bean 'ticketValidator'
(hint: specify index and/or type arguments for simple parameters to
avoid type ambiguities)...
SORRY: WHAT DID I MISS? SIMPLE DETAILED REPRODUCTION BELOW
1. Download apache-tomcat-5.5.23.exe
Install as Windows Service on XP machine.
2. Create a new "test" context with the following directory structure
under webapps using instructions for contents under WEB-INF
from "JA-SIG CAS Client for Java"; URL:
http://www.ja-sig.org/products/cas/client/client-java/index.html
(the hw.jsp just says out.print("Hello World")...
but this is irrelevant)
test
|
|__ hw.jsp
|
|__ protected
|   |
|   |__ hw.jsp
|
|__ WEB-INF
    |
    |__ cas-client.properties
    |
    |__ securityConfiguration.xml
    |
    |__ web.xml
    |
    |__ lib
        |
        |__ (drop all jars from cas-client-java-3.0.0.zip...RIGHT?)
3. Stop Tomcat, Clean Logs, Start Tomcat
4. This is what I see in localhost.2007-05-08.log
(all other log files are size zero):
May 8, 2007 3:41:18 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain:
[org.apache.webapp.balancer.RuleChain :
[org.apache.webapp.balancer.rules.URLStringMatchRule:
Target string: News / Redirect URL: http://www.cnn.com],
[org.apache.webapp.balancer.rules.RequestParameterRule: Target param
name: paramName / Target param value: paramValue / Redirect URL:
http://www.yahoo.com],
[org.apache.webapp.balancer.rules.AcceptEverythingRule: Redirect URL:
http://jakarta.apache.org]]
May 8, 2007 3:41:19 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
May 8, 2007 3:41:19 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
May 8, 2007 3:41:19 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
May 8, 2007 3:41:19 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
May 8, 2007 3:41:20 PM org.apache.catalina.core.ApplicationContext log
INFO: Loading Spring root WebApplicationContext
May 8, 2007 3:41:21 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance
of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'ticketValidator' defined in ServletContext resource
[/WEB-INF/securityConfiguration.xml]: 6 constructor arguments specified
but no matching constructor found in bean 'ticketValidator' (hint:
specify index and/or type arguments for simple parameters to avoid type
ambiguities)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:117)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:683)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:621)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:245)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:141)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:242)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:156)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:290)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:348)
    at org.springframework.web.context.support.AbstractRefreshableWebApplicationContext.refresh(AbstractRefreshableWebApplicationContext.java:156)
    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:246)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:184)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:49)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:448)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
May 8, 2007 3:41:21 PM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
(END OF ERROR REPORT)
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
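
The http/https behaviour discussed in this thread (the scheme is copied from the incoming request unless an exact service url is given), as an added example that is not part of the original messages: a simplified model, not CAS client code, that replays the reported reproduction and marks which resulting service URLs would carry the ticket over plain http. The class and method names are hypothetical; the host, port and path are the ones from the thread.

```java
import java.net.URI;

/** Added example: simplified model of the service-URL choice, not CAS client code. */
public class ServiceUrlCheck {

    /**
     * An exact service URL wins; otherwise the scheme is copied from the
     * incoming request and joined to the configured host:port (serverName).
     */
    static String serviceUrl(String exactService, String serverName,
                             String requestScheme, String requestUri) {
        if (exactService != null && exactService.length() > 0) {
            return exactService;
        }
        return requestScheme + "://" + serverName + requestUri;
    }

    /** True only when the URL the CAS server redirects back to uses https. */
    static boolean isSecure(String url) {
        return "https".equalsIgnoreCase(URI.create(url).getScheme());
    }

    static void report(String label, String url) {
        // The service ticket is appended to this URL as a query parameter,
        // so an http result means the ticket travels unencrypted.
        System.out.println((isSecure(url) ? "OK    " : "WEAK  ") + label + " -> " + url);
    }

    public static void main(String[] args) {
        String serverName = "client-host:8443";    // cas.client.serverName from the thread
        String uri = "/test/protected/hw.jsp";     // protected page from the thread

        // Reproduction: the page is first requested over http (port 8080).
        report("request over http ", serviceUrl(null, serverName, "http", uri));
        // Option 2: the application is always accessed over https.
        report("request over https", serviceUrl(null, serverName, "https", uri));
        // Option 1: exact https service URL, independent of the request scheme.
        report("exact service url ",
               serviceUrl("https://client-host:8443" + uri, serverName, "http", uri));
    }
}
```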