  • (Newbie) Using Acegi+CAS

    Hi,

    I have a working web app running on Weblogic 8.1. The security model implemented is using an LDAP server. I would like to use Acegi+CAS for SSO purpose.

    The snippet of my web.xml is :
    Code:
    ...
        <filter>
            <filter-name>MyFilter</filter-name>
            <filter-class>com.personal.MyOwnFilter</filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>MyFilter</filter-name>
            <servlet-name>MyDispatcher</servlet-name>
        </filter-mapping>
    
        <servlet>
            <servlet-name>MyDispatcher</servlet-name>
            <servlet-class>com.personal.MyServletDispatcher</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
    ...
    It's within MyServletDispatcher.java that I implement the security model :
    Code:
    public class Dispatcher extends HttpServlet {
        ...
        public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException  {
            ...
            if ( authentication(request,response) ) {
                doA();
            } else {
                doB();
            }
        }
        ...
    }
    I took the applicationContext-acegi-security.xml ( <Only used by "cas" artifact> ) as my starting point, but here are my questions :
    1. Which bean(s) do I need to use to replace
    Code:
    if ( authentication(request,response) ) {
    2. Which bean(s) do I need to use to display the current user logged in ?
    3. What happens to MyOwnFilter.java ? Do I need to include it in the "filterChainProxy" ?

    Thanks.

  • #2
    Hi,

    Oops, I meant :
    Code:
    public class MyServletDispatcher extends HttpServlet {
    }
    According to the CAS site, I need to use the following for AuthenticationManager ( and for LDAP ) :
    Code:
        ...
        <bean id="authenticationManager" class="org.jasig.cas.authentication.AuthenticationManagerImpl">
            <property name="credentialsToPrincipalResolvers">
                <list>
                    <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                    <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
                </list>
            </property>
            
            <property name="authenticationHandlers">
                <list>
                    <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler" />
                    <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler" >
                        <property name="filter" value="uid=%u" />
                        <property name="searchBase" value="ou=xxx,dc=yyy,dc=zzz" />
                        <property name="contextSource" ref="contextSource" />
                    </bean>
                </list>
            </property>
        </bean>
    
        <bean id="contextSource" class="org.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource">
            <property name="authenticatedReadOnly" value="true" />
            <property name="userName" value="${ldap_username_goes_here}" />
            <property name="password" value="${ldap_password_goes_here}" />
            <property name="urls">
                <list>
                    <value>${ldap_url}</value>
                </list>
            </property>
            <property name="baseEnvironmentProperties">
                <map>
                    <entry>
                        <key><value>java.naming.security.authentication</value></key>
                        <value>simple</value>
                    </entry>
                </map>
            </property>
        </bean>
        ...
    but the applicationContext-acegi-security.xml ( <Only used by "cas" artifact> ) uses this :
    Code:
        ...
        <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
            <property name="providers">
                <list>
                    <ref local="casAuthenticationProvider" />
                </list>
            </property>
        </bean>
        ...

    Which "authenticationManager" do I need to use, Acegi's version or CAS's version ?

    Thanks.



    • #3
      Anyone please ?



      • #4
        Check the reference guide (chapter 18) on the Acegi website; it describes how to use CAS and Acegi. You should also first try to take a look at the examples/tutorials which come with Acegi and are described on the Acegi website to get an understanding of how Acegi works.

        After that I'm certain you can answer your questions yourself.



        • #5
          I've already passed by chapter and others, as well as the acegi and cas sites.

          Could anyone else help me out ?

          Thanks.



          • #6
            Both Acegi and CAS have their own AuthenticationManagers that have nothing to do with each other. CAS needs its own. And Acegi needs its own.

            I would recommend getting your CAS server to work on its own before you do any Acegi work.



            • #7
              Thanks Scott.

              Yet, I'm still unable to find which bean(s) I need to use to replace this :
              Code:
              if ( authentication(request,response) ) {
              I appreciate any help/suggestions.

              Thanks.



              • #8
                You wouldn't need that line of code. You would configure Acegi in the XML file (look at the examples) to protect the URLs that you want and then Acegi automatically handles the "isThisUserAuthenticated" check that you would have coded in.

                The Contacts-CAS application is a good example.

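Added example (not part of the thread and not Acegi's shipped sample): the declarative setup post #8 describes, written with Acegi 1.0-style bean classes, where a URL rule takes the place of the hand-written `authentication(request,response)` test. The bean ids, URL patterns, `ROLE_USER`, the JSP path and the `example.org` host names are assumptions; `authenticationManager` is the Acegi `ProviderManager` quoted in post #2, and `casAuthenticationProvider` and `accessDecisionManager` are assumed to be defined elsewhere in the same context.

```xml
<!-- Added example: ids, URL patterns, role name and host names are assumed. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=httpSessionContextIntegrationFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>

<bean id="httpSessionContextIntegrationFilter"
      class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

<!-- Receives the service ticket CAS redirects back with and authenticates it -->
<bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="filterProcessesUrl" value="/j_acegi_cas_security_check"/>
</bean>

<!-- Unauthenticated request to a protected URL: redirect to the CAS login page -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
    <bean class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
      <property name="loginUrl" value="https://cas.example.org/cas/login"/>
      <property name="serviceProperties" ref="serviceProperties"/>
    </bean>
  </property>
</bean>

<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
  <property name="service" value="https://app.example.org/myapp/j_acegi_cas_security_check"/>
  <property name="sendRenew" value="false"/>
</bean>

<!-- Takes the place of the if ( authentication(request,response) ) check -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /mydispatcher/**=ROLE_USER
    </value>
  </property>
</bean>
```

Because `CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON` is set, the protected pattern must be written in lower case, and any URL not matched by a rule in `objectDefinitionSource` is left unprotected.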


                • #9
                  Originally posted by Scott Battaglia
                  The Contacts-CAS application is a good example.
                  Thanks Scott. Just downloaded from CVS, but I did not find the contact cas application ( contact-cas.war ). Am I looking at the wrong directory ?

                  Thanks.
