Hi Jérôme,

I wasn’t able to restore "service" as a query parameter. For security reasons, the HttpServletRequest class does not expose any methods to modify its query parameters.

I’m not sure if there’s a better way, but what I ended up doing was writing a “Filter” that wraps the request in a “HttpServletRequestWrapper” class like the following.

    public final class OAuthServiceParameterFilter implements Filter {

        static class FilteredRequest extends HttpServletRequestWrapper {

            public FilteredRequest(final ServletRequest request) {
                super((HttpServletRequest) request);
            }

            @Override
            public String getParameter(final String param) {
                String value = super.getParameter(param);
                if (param.equalsIgnoreCase("service") && (value == null)) {
                    Object service = this.getSession().getAttribute("service");
                    if (service != null) {
                        value = service.toString();
                    }
                }
                return value;
            }
            . . .

With this class, every time ServiceThemeResolver calls “getParameter” for the “service” parameter, we return the service value that was stored in the session.

Thanks,
-- Jonathan

From: Jérôme LELEU <lel...@gmail.com>
Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Date: Thursday, July 17, 2014 at 5:11 AM
To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.

Hi,

I don't remember how I came to test RequestContextUtil.getTheme, but you're right, the default ServiceThemeResolver is based on the "service" query parameter and not on the "service" in the webflow. Would you mind overriding my OAuthAction with a new one restoring the "service" as a query parameter and do a new test?

Thanks.
Best regards,
Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-07-16 15:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:

Hi Jérôme,

Which theme resolver are you using? Our code is configured as follows:

From our Cas-servlet.xml

    <!-- Theme Resolver -->
    <bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
          p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
          p:argumentExtractors-ref="argumentExtractors"
          p:servicesManager-ref="servicesManager">
        . . .
    </bean>

From our argumentExtractorsConfiguration.xml (I believe these are the default argument extractors that come with CAS Server 3.5.2)

    <bean id="casArgumentExtractor" class="org.jasig.cas.web.support.CasArgumentExtractor"
          p:httpClient-ref="noRedirectHttpClient"
          p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>

    <bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
          p:httpClient-ref="noRedirectHttpClient"
          p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>

    <util:list id="argumentExtractors">
        <ref bean="casArgumentExtractor"/>
        <ref bean="samlArgumentExtractor"/>
    </util:list>

org.jasig.cas.services.web.ServiceThemeResolver

    public String resolveThemeName(final HttpServletRequest request) {
        if (this.servicesManager == null) {
            return getDefaultThemeName();
        }

        final Service service = WebUtils.getService(this.argumentExtractors, request);
        final RegisteredService rService = this.servicesManager.findServiceBy(service);
        . . .
        return service != null && rService != null && StringUtils.hasText(rService.getTheme()) ?
                rService.getTheme() : getDefaultThemeName();
    }

The above “org.jasig.cas.services.web.ServiceThemeResolver.resolveThemeName” method calls each configured argument extractor class, which in turn calls a static method “createServiceFrom” from the “SimpleWebApplicationServiceImpl” class, which creates a service based on an HttpServletRequest’s query parameter.

    public static SimpleWebApplicationServiceImpl createServiceFrom(
            final HttpServletRequest request, final HttpClient httpClient) {
        final String targetService = request.getParameter(CONST_PARAM_TARGET_SERVICE);
        final String method = request.getParameter(CONST_PARAM_METHOD);
        final String serviceToUse = StringUtils.hasText(targetService)
                ? targetService : request.getParameter(CONST_PARAM_SERVICE);
        . . .

As far as I can tell, the theme resolver we’re using looks for a service value in a HttpServletRequest’s parameter, while the OAuthAction class stores this information in the session and RequestContext.

    // retrieve parameters from web session
    final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
    context.getFlowScope().put(OAuthConstants.SERVICE, service);

    // save parameters in web session
    final Service service = (Service) context.getFlowScope().get(OAuthConstants.SERVICE);
    if (service != null) {
        session.setAttribute(OAuthConstants.SERVICE, service);
    }

What am I missing? I do see a “restoreRequestAttribute” method in the OAuthAction class, but this method looks to only restore an attribute from a web session as a request attribute, not parameter. In addition, this method is never called for the “service” attribute.

    /**
     * Restore an attribute in web session as an attribute in request.
     *
     * @param request
     * @param session
     * @param name
     */
    private void restoreRequestAttribute(final HttpServletRequest request,
            final HttpSession session, final String name) {
        final String value = (String) session.getAttribute(name);
        request.setAttribute(name, value);
    }

Thank you in advance for any help or clarification you could provide.

-- Jonathan

From: Jérôme LELEU <lel...@gmail.com>
Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Date: Wednesday, June 18, 2014 at 9:04 AM
To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service parameter.

Hi,

Indeed, a logger.error would have been appreciated in the "catch (TicketException" part.

Yes, the "restore" methods are the ones the comment is referring to. And they are called before the exception is thrown: all parameters should be restored.

I've spent some time to perform a full test and the theme is properly restored through RequestContextUtil.getTheme. Here is the demo I set up: https://github.com/leleuj/cas-oauth-demo-3.5.x/commit/8ccb17d18a1b2fbd3049022ce88455c581328bed. I define a theme for my service and throw an exception as if the authentication has failed -> the theme is properly restored and generates an error (I do not have that theme)...

Hope it helps.

Best regards,
Jérôme

2014-06-17 0:25 GMT+02:00 Jonathan <jhs...@mit.edu>:

The exception I got appears to have been caught and handled by CAS/OAuthAction. There's not much of a trace in the log.

OAuthAction.doExecute:

    . . .
    } catch (final TicketException e) {
        return error();
    }

cas.log

    2014-06-16 18:07:07,023 INFO org.jasig.cas.authentication.AuthenticationManagerImpl - edu.cas.service.implementation.OAuthAuthenticationHandlerImplementation failed authenticating org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293

cas-authentication.log

    2014-06-16 18:08:43,338 INFO Audit trail record BEGIN
    =============================================================
    WHO: org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
    WHAT: error.authentication.credentials.bad.usernameorpassword
    ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
    APPLICATION: CAS
    WHEN: Mon Jun 16 18:08:43 EDT 2014
    CLIENT IP ADDRESS: 127.0.0.1
    SERVER IP ADDRESS: 127.0.0.1
    =============================================================

Again, the problem seems to be that when RequestContextUtil.getTheme is eventually called, the default theme is used because the service parameter is null.

The following is the comment for the OAuthAction class:

    /**
     * This class represents an action in the webflow to retrieve OAuth information on the callback url which is the webflow url (/login). The
     * {@link org.jasig.cas.support.oauth.OAuthConstants.OAUTH_PROVIDER} and the other OAuth parameters are expected after OAuth authentication.
     * Providers are defined by configuration. The {@link org.jasig.cas.support.oauth.OAuthConstants.SERVICE},
     * {@link org.jasig.cas.support.oauth.OAuthConstants.THEME}, {@link org.jasig.cas.support.oauth.OAuthConstants.LOCALE} and
     * {@link org.jasig.cas.support.oauth.OAuthConstants.METHOD} parameters are saved and restored from web session after OAuth authentication.
     *
     * @author Jerome Leleu
     * @since 3.5.0
     */

Is the comment about restoring parameters from the web session referring to the following code?

    // retrieve parameters from web session
    final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
    context.getFlowScope().put(OAuthConstants.SERVICE, service);
    restoreRequestAttribute(request, session, OAuthConstants.THEME);
    restoreRequestAttribute(request, session, OAuthConstants.LOCALE);
    restoreRequestAttribute(request, session, OAuthConstants.METHOD);

Thanks,

--
You are currently subscribed to cas-user@lists.jasig.org as: lel...@gmail.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user