Re: Apache ISIS - Shiro - CAS Authentication
Hi Uma, How did you get on with these suggestions? Also, would you be able to share the code you have (for integrating with shiro-cas) in case others in the user community have the same use case Thx Dan On 16 August 2016 at 05:54, uma narayanwrote: > Hi, > I need to integrate apache isis with shiro-cas. With shiro-cas I was able > to authenticate and authorize successfully but still isis login page is > presented is to me. > > Summarizing my application flow:1. CAS filter re-directs to CAS Login > 2. CAS Realm performs authentication and authorization3. Then, apache isis > login page is presented again. > > On analyzing the source code found that AuthenticatedWebSession is not > created. Please provide me a solution to resolve this issue. > Thanks for your help,Uma > > >
Re: Apache ISIS - Shiro - CAS Authentication
Hi, On Tue, Aug 16, 2016 at 10:16 PM, David Tildesley < davo...@yahoo.co.nz.invalid> wrote: > Hi Uma, > Just an idea: you could extend org.apache.isis.viewer.wicket. > viewer.integration.wicket.WebRequestCycleForIsis > 1. Check for a Wicket Session: org.apache.wicket.protocol. > http.WebSession.get(); > Small correction. Session#get() acts as "get or create". Use Session#exists() to check whether there is a session or not. > 2. If none, assume the "container" has authenticated the user so then > check HttpServletRequest for a remote user (getRemoteUser();) > 3. If remote user exists then set the user in wicket: > org.apache.wicket.authroles.authentication.AuthenticatedWebSession.get(0.signIn(username, > ""): > > No doubt a few other things to take care of but may be a good starting > point. > > David. > > On Tuesday, 16 August 2016 5:04 PM, uma narayan >wrote: > > > Hi, > I need to integrate apache isis with shiro-cas. With shiro-cas I was able > to authenticate and authorize successfully but still isis login page is > presented is to me. > > Summarizing my application flow:1. CAS filter re-directs to CAS Login > 2. CAS Realm performs authentication and authorization3. Then, apache isis > login page is presented again. > > On analyzing the source code found that AuthenticatedWebSession is not > created. Please provide me a solution to resolve this issue. > Thanks for your help,Uma > > > > >
Re: Apache ISIS - Shiro - CAS Authentication
Hi Uma, Just an idea: you could extend org.apache.isis.viewer.wicket.viewer.integration.wicket.WebRequestCycleForIsis 1. Check for a Wicket Session: org.apache.wicket.protocol.http.WebSession.get(); 2. If none, assume the "container" has authenticated the user so then check HttpServletRequest for a remote user (getRemoteUser();) 3. If remote user exists then set the user in wicket: org.apache.wicket.authroles.authentication.AuthenticatedWebSession.get(0.signIn(username, ""): No doubt a few other things to take care of but may be a good starting point. David. On Tuesday, 16 August 2016 5:04 PM, uma narayanwrote: Hi, I need to integrate apache isis with shiro-cas. With shiro-cas I was able to authenticate and authorize successfully but still isis login page is presented is to me. Summarizing my application flow:1. CAS filter re-directs to CAS Login 2. CAS Realm performs authentication and authorization3. Then, apache isis login page is presented again. On analyzing the source code found that AuthenticatedWebSession is not created. Please provide me a solution to resolve this issue. Thanks for your help,Uma