Re: [cas-user] need some design inputs

2015-11-12 Thread Christopher Myers
Hi Prasad,

You may be able to do an alternate CAS login page that you could set up basic 
auth on, and then pass the credentials (along with the service name) to the CAS 
login page for authentication? You could start with something like the 
following, and then modify it to meet your needs. In this case, you could just 
post service, username, and password parameters to the page, which would then 
do the authentication to CAS and redirect to the service.

You would store this file on your CAS server, probably in Tomcat's ROOT webapp 
folder. (This has been tested working for us with CAS 3.4.x, 3.5.x, and 4.0.1, 
but the usual "use at your own risk, your mileage may vary" disclaimer applies.)






<%@page contentType="text/html; charset=windows-1252" isELIgnored="false"
import="java.net.URL"
import="java.net.URLEncoder"
import="java.net.HttpURLConnection"
import="java.io.InputStream"
import="java.io.BufferedReader"
import="java.io.InputStreamReader"
%>

<%
  response.setHeader("Cache-Control","no-cache"); //HTTP 1.1
  response.setHeader("Pragma","no-cache"); //HTTP 1.0
  response.setDateHeader ("Expires", -1); //prevents caching at the proxy server

  // Build the URL of the CAS login page on this same host
  String testURL = "https://" + String.valueOf(request.getServerName()) + "/cas/login";
  String myService = request.getParameter("service");
  String username = request.getParameter("username");
  String password = request.getParameter("password");

  // Compare string contents (not references) and URL-encode the service value
  if ((myService != null) && !myService.isEmpty()) {
    testURL = testURL + "?service=" + URLEncoder.encode(myService, "UTF-8");
  }

  String myLT = "";
  String myExecution = "";
  URL myUrl = new URL(testURL);

  // First request: only used to pick up the cookie that CAS sets
  HttpURLConnection myUrlConnection = (HttpURLConnection)myUrl.openConnection();

  myUrlConnection.setDoInput(true);
  myUrlConnection.setDoOutput(false);
  String myCookie = myUrlConnection.getHeaderField("Set-Cookie");

  // Second request: fetch the login form, presenting that cookie
  myUrlConnection = (HttpURLConnection)myUrl.openConnection();
  if (myCookie != null) {
    myUrlConnection.setRequestProperty("Cookie", myCookie);
  }

  myUrlConnection.setDoInput(true);
  myUrlConnection.setDoOutput(false);

  // Relay the CAS cookies to the browser (skip the header if none was set)
  if (myCookie != null) {
    response.addHeader("Set-Cookie", myCookie);
  }
  response.setContentType("text/html");
  if (null != (myCookie = myUrlConnection.getHeaderField("Set-Cookie"))) {
    response.addHeader("Set-Cookie", myCookie);
  }

  InputStream webContent = (InputStream)myUrlConnection.getInputStream();
  BufferedReader pageStream = new BufferedReader(new InputStreamReader(webContent));
  String currentLine = "";
  String debugOutput = "";

  //Makes sure that the page pulled correctly and didn't give an error
  if (myUrlConnection.getResponseCode() == 200) {
    while ((currentLine = pageStream.readLine()) != null) {
      // Pull the hidden lt and execution values out of the login form.
      // The offsets assume each input sits on one line and ends with "..." />
      if (currentLine.toLowerCase().indexOf("name=\"lt\"") > -1) {
        myLT = currentLine.substring(currentLine.indexOf("value=") + 7,
                                     currentLine.length() - 4);
      } else if (currentLine.toLowerCase().indexOf("name=\"execution\"") > -1) {
        myExecution = currentLine.substring(currentLine.indexOf("value=") + 7,
                                            currentLine.length() - 4);
      }
    }
  }
  pageStream.close();

%>







Loading...

>>> Mahantesh Prasad Katti  11/12/15 12:37 AM >>>
  Hi All,
  
 I am working on an application that runs on glassfish. There are some web 
services exposed on this application. These are accessed using basic HTTP 
authentication by external applications. Recently this app [that runs on 
glassfish] was casified. This meant that the external applications cannot 
access the application by providing the http basic auth as they used to do 
earlier.  [They do not want to get CAS tokens and supply them while invoking 
the services].
  
 The requirement is to retain previous auth model for external applications 
while having the CASification in place. We are using JSR-196 for the 
CASification. I wanted to know if this is really possible. JEE only allows us 
to have one active realm at any point in time. Is it possible to have a filter 
layer before JASPIC which based on the user agent header will determine if the 
request needs to be authenticated with http basic method? If so it will fire a 
request to CAS and get the token and redirect to the service being invoked.
  
 I can provide more details in case I was not able to explain the scenario 
properly.
  
 Regards
 Prasad 
 
 -- 
You are currently subscribed to cas-user@lists.jasig.org as: 
cmy...@mail.millikin.edu
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user   
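
The JSP in the reply above pulls `lt` and `execution` out of the login page by fixed character offsets, which only holds while each hidden input sits on one line and ends in `" />`. As an added example (not part of the original message and not CAS project code), this stand-alone Java class extracts the same two fields regardless of attribute order or quote style and stops if either is missing; the class name, sample markup and token values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class CasLoginTokens {
    // One <input ...> tag; attributes are parsed separately so their order does not matter.
    private static final Pattern INPUT =
        Pattern.compile("<input\\b[^>]*>", Pattern.CASE_INSENSITIVE);
    // attribute="value" or attribute='value' (HTML entities are not decoded here)
    private static final Pattern ATTR =
        Pattern.compile("([a-zA-Z_:][-\\w:.]*)\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)')");

    /** Returns the lt and execution hidden-field values found in the login page HTML. */
    public static Map<String, String> extract(String html) {
        Map<String, String> tokens = new LinkedHashMap<>();
        Matcher input = INPUT.matcher(html);
        while (input.find()) {
            String name = null, value = null;
            Matcher attr = ATTR.matcher(input.group());
            while (attr.find()) {
                String v = attr.group(2) != null ? attr.group(2) : attr.group(3);
                if (attr.group(1).equalsIgnoreCase("name")) name = v;
                else if (attr.group(1).equalsIgnoreCase("value")) value = v;
            }
            if (name != null && value != null
                    && (name.equals("lt") || name.equals("execution"))) {
                tokens.putIfAbsent(name, value); // keep the first occurrence only
            }
        }
        return tokens;
    }

    public static void main(String[] args) {
        // Constructed sample markup, not captured from a real CAS server.
        String html =
            "<form id=\"fm1\" method=\"post\">\n"
          + "  <input type=\"hidden\" name=\"lt\" value=\"LT-EXAMPLE-0001\" />\n"
          + "  <input type='hidden' value='e1s1' name='execution'>\n"
          + "  <input type=\"hidden\" name=\"_eventId\" value=\"submit\" />\n"
          + "</form>";
        Map<String, String> tokens = extract(html);
        // Fail closed: without both fields the credential post cannot succeed.
        if (!tokens.containsKey("lt") || !tokens.containsKey("execution")) {
            throw new IllegalStateException("login form tokens missing");
        }
        System.out.println(tokens);
    }
}
```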



[cas-user] need some design inputs

2015-11-11 Thread Mahantesh Prasad Katti
Hi All,

I am working on an application that runs on glassfish. There are some web 
services exposed on this application. These are accessed using basic HTTP 
authentication by external applications. Recently this app [that runs on 
glassfish] was casified. This meant that the external applications cannot 
access the application by providing the http basic auth as they used to do 
earlier.  [They do not want to get CAS tokens and supply them while invoking 
the services].

The requirement is to retain previous auth model for external applications 
while having the CASification in place. We are using JSR-196 for the 
CASification. I wanted to know if this is really possible. JEE only allows us 
to have one active realm at any point in time. Is it possible to have a filter 
layer before JASPIC which based on the user agent header will determine if the 
request needs to be authenticated with http basic method? If so it will fire a 
request to CAS and get the token and redirect to the service being invoked.

I can provide more details in case I was not able to explain the scenario 
properly.

Regards
Prasad
