Hi,

I just fixed the problem on the 4.1-SNAPSHOT version:
https://github.com/Jasig/cas/commit/de6c198824c154ac9177c786eb4725eeca087780
.

Would you mind testing it?

Thanks.
Best regards,


Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-07-17 14:08 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:

>
>  Hi Jérôme,
>
>  I wasn't able to restore "service" as a query parameter.  For security
> reasons, the HttpServletRequest class does not expose any methods to modify
> its query parameters.
>
>  I’m not sure if there’s a better way, but what I ended up doing was
> writing a “Filter” that wraps the request in a “HttpServletRequestWrapper”
> class like the following.
>
>  import java.io.IOException;
>
>  import javax.servlet.Filter;
>  import javax.servlet.FilterChain;
>  import javax.servlet.FilterConfig;
>  import javax.servlet.ServletException;
>  import javax.servlet.ServletRequest;
>  import javax.servlet.ServletResponse;
>  import javax.servlet.http.HttpServletRequest;
>  import javax.servlet.http.HttpServletRequestWrapper;
>
>  public final class OAuthServiceParameterFilter implements Filter {
>
>    static class FilteredRequest extends HttpServletRequestWrapper {
>
>      public FilteredRequest(final ServletRequest request) {
>        super((HttpServletRequest) request);
>      }
>
>      @Override
>      public String getParameter(final String param) {
>        String value = super.getParameter(param);
>        // No "service" query parameter on the OAuth callback: fall back to the
>        // value that OAuthAction stored in the web session before the redirect.
>        if (param.equalsIgnoreCase("service") && (value == null)) {
>          Object service = this.getSession().getAttribute("service");
>          if (service != null) {
>            value = service.toString();
>          }
>        }
>        return value;
>      }
>    }
>
>    // Filter plumbing (omitted from the message above): wrap each HTTP request
>    // so that downstream code sees the restored parameter.
>    @Override
>    public void init(final FilterConfig filterConfig) throws ServletException {
>    }
>
>    @Override
>    public void doFilter(final ServletRequest request, final ServletResponse response,
>                         final FilterChain chain) throws IOException, ServletException {
>      final ServletRequest wrapped =
>          request instanceof HttpServletRequest ? new FilteredRequest(request) : request;
>      chain.doFilter(wrapped, response);
>    }
>
>    @Override
>    public void destroy() {
>    }
>  }
>
>
>
>  With this class, every time ServiceThemeResolver calls “getParameter”
> for the “service” parameter, we return the service value that was stored in
> the session.
>
>
>
>  Thanks,
>
>
>   -- Jonathan
>
>
>   From: Jérôme LELEU <lel...@gmail.com>
> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Date: Thursday, July 17, 2014 at 5:11 AM
> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service
> parameter.
>
>   Hi,
>
>  I don't remember how I came to test *RequestContextUtil.getTheme*, but
> you're right, the default *ServiceThemeResolver* is based on the
> "service" query parameter and not on the "service" in the webflow.
>
>  Would you mind overriding my OAuthAction with a new one restoring the
> "service" as a query parameter and do a new test?
>
>  Thanks.
> Best regards,
>
>
>
>  Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
>
> 2014-07-16 15:01 GMT+02:00 Jonathan H Shek <jhs...@mit.edu>:
>
>>  Hi Jérôme,
>>
>>  Which theme resolver are you using?
>>
>>  Our code is configured as follows:
>>
>>  From our Cas-servlet.xml
>>
>>   <!-- Theme Resolver -->
>>   <bean id="themeResolver" class="org.jasig.cas.services.web.ServiceThemeResolver"
>>         p:defaultThemeName="${cas.themeResolver.defaultThemeName}"
>>         p:argumentExtractors-ref="argumentExtractors"
>>         p:servicesManager-ref="servicesManager">
>>     ...
>>   </bean>
>>
>>  From our argumentExtractorsConfiguration.xml  (I believe these are the
>> default argument extractors that come with CAS Server 3.5.2)
>>
>>   <bean id="casArgumentExtractor" class="org.jasig.cas.web.support.CasArgumentExtractor"
>>         p:httpClient-ref="noRedirectHttpClient"
>>         p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>
>>   <bean id="samlArgumentExtractor" class="org.jasig.cas.web.support.SamlArgumentExtractor"
>>         p:httpClient-ref="noRedirectHttpClient"
>>         p:disableSingleSignOut="${slo.callbacks.disabled:false}"/>
>>
>>   <util:list id="argumentExtractors">
>>     <ref bean="casArgumentExtractor"/>
>>     <ref bean="samlArgumentExtractor"/>
>>   </util:list>
>>
>>
>>  org.jasig.cas.services.web.ServiceThemeResolver
>>
>>     public String resolveThemeName(final HttpServletRequest request) {
>>         if (this.servicesManager == null) {
>>             return getDefaultThemeName();
>>         }
>>
>>         final Service service = WebUtils.getService(this.argumentExtractors, request);
>>         final RegisteredService rService = this.servicesManager.findServiceBy(service);
>>         ...
>>         return service != null && rService != null && StringUtils.hasText(rService.getTheme())
>>             ? rService.getTheme() : getDefaultThemeName();
>>     }
>>
>>
>>  The above "org.jasig.cas.services.web.ServiceThemeResolver.resolveThemeName"
>> method calls each configured argument extractor class, which in turn calls a
>> static method "createServiceFrom" from the "SimpleWebApplicationServiceImpl"
>> class, which creates a service based on an HttpServletRequest's query parameter.
>>
>>
>>     public static SimpleWebApplicationServiceImpl createServiceFrom(
>>             final HttpServletRequest request, final HttpClient httpClient) {
>>         final String targetService = request.getParameter(CONST_PARAM_TARGET_SERVICE);
>>         final String method = request.getParameter(CONST_PARAM_METHOD);
>>         final String serviceToUse = StringUtils.hasText(targetService)
>>             ? targetService : request.getParameter(CONST_PARAM_SERVICE);
>>         ...
>>
>>
>>
>>
>>  As far as I can tell, the theme resolver we're using looks for a
>> service value in an HttpServletRequest's parameter, while the OAuthAction
>> class stores this information in the session and RequestContext.
>>
>>             // retrieve parameters from web session
>>             final Service service = (Service) session.getAttribute(OAuthConstants.SERVICE);
>>             context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>
>>             // save parameters in web session
>>             final Service service = (Service) context.getFlowScope().get(OAuthConstants.SERVICE);
>>             if (service != null) {
>>                 session.setAttribute(OAuthConstants.SERVICE, service);
>>             }
>>
>>
>>
>>  What am I missing?
>>
>>
>>
>>  I do see a “restoreRequestAttribute” method in the OAuthAction class,
>> but this method looks to only restore an attribute from a web session as a
>> request attribute, not parameter.
>>
>> In addition, this method is never called for the “service” attribute.
>>
>>
>>     /**
>>      * Restore an attribute in web session as an attribute in request.
>>      *
>>      * @param request
>>      * @param session
>>      * @param name
>>      */
>>     private void restoreRequestAttribute(final HttpServletRequest request,
>>             final HttpSession session, final String name) {
>>         final String value = (String) session.getAttribute(name);
>>         request.setAttribute(name, value);
>>     }
>>
>>
>>
>>  Thank you in advance for any help or clarification you could provide.
>>
>>
>>
>>   -- Jonathan
>>
>>
>>   From: Jérôme LELEU <lel...@gmail.com>
>> Reply-To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Date: Wednesday, June 18, 2014 at 9:04 AM
>> To: "cas-user@lists.jasig.org" <cas-user@lists.jasig.org>
>> Subject: Re: [cas-user] CAS OAuth Support 3.5.2 - Working with service
>> parameter.
>>
>>   Hi,
>>
>>  Indeed, a logger.error would have been appreciated in the "catch
>> (TicketException" part.
>>
>>  Yes, the "restore" methods are the ones the comment is referring to.
>> And they are called before the exception is thrown: all parameters should
>> be restored.
>>
>>  I've spent some time performing a full test and the theme is properly
>> restored through RequestContextUtil.getTheme. Here is the demo I set up:
>> https://github.com/leleuj/cas-oauth-demo-3.5.x/commit/8ccb17d18a1b2fbd3049022ce88455c581328bed
>> .
>> I define a theme for my service and throw an exception as if the
>> authentication had failed -> the theme is properly restored and generates
>> an error (I don't have that theme)...
>>
>>  Hope it helps.
>> Best regards,
>>  Jérôme
>>
>>
>>
>>
>>  Jérôme LELEU
>> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
>> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>>
>>
>> 2014-06-17 0:25 GMT+02:00 Jonathan <jhs...@mit.edu>:
>>
>>>  The exception I got appears to have been caught and handled by
>>> CAS/OAuthAction.  There's not much of a trace in the log.
>>>
>>> OAuthAction.doExecute:
>>> .
>>> .
>>> .
>>>             } catch (final TicketException e) {
>>>                 return error();
>>>             }
>>>
>>>
>>> cas.log
>>> 2014-06-16 18:07:07,023 INFO
>>>  org.jasig.cas.authentication.AuthenticationManagerImpl -
>>> edu.cas.service.implementation.OAuthAuthenticationHandlerImplementation
>>> failed authenticating
>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>>
>>> cas-authentication.log
>>> 2014-06-16 18:08:43,338 INFO  Audit trail record BEGIN
>>> =============================================================
>>> WHO:
>>> org.jasig.cas.support.oauth.authentication.principal.OAuthCredentials@27f34293
>>> WHAT: error.authentication.credentials.bad.usernameorpassword
>>> ACTION: TICKET_GRANTING_TICKET_NOT_CREATED
>>> APPLICATION: CAS
>>> WHEN: Mon Jun 16 18:08:43 EDT 2014
>>> CLIENT IP ADDRESS: 127.0.0.1
>>> SERVER IP ADDRESS: 127.0.0.1
>>> =============================================================
>>>
>>> Again, the problem seems to be that when RequestContextUtil.getTheme is
>>> eventually called, the default theme is used because the service parameter
>>> is null.
>>>
>>>
>>> The following is the comment for the OAuthAction class:
>>>
>>> /**
>>>  * This class represents an action in the webflow to retrieve OAuth
>>> information on the callback url which is the webflow url (/login). The
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.OAUTH_PROVIDER} and
>>> the other OAuth parameters are expected after OAuth authentication.
>>>  * Providers are defined by configuration. The {@link
>>> org.jasig.cas.support.oauth.OAuthConstants.SERVICE},
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.THEME}, {@link
>>> org.jasig.cas.support.oauth.OAuthConstants.LOCALE} and
>>>  * {@link org.jasig.cas.support.oauth.OAuthConstants.METHOD} parameters
>>> are saved and restored from web session after OAuth authentication.
>>>  *
>>>  * @author Jerome Leleu
>>>  * @since 3.5.0
>>>  */
>>>
>>> Is the comment about restoring parameters from the web session referring
>>> to the following code?
>>>
>>>  // retrieve parameters from web session
>>>             final Service service = (Service)
>>> session.getAttribute(OAuthConstants.SERVICE);
>>>             context.getFlowScope().put(OAuthConstants.SERVICE, service);
>>>             restoreRequestAttribute(request, session,
>>> OAuthConstants.THEME);
>>>             restoreRequestAttribute(request, session,
>>> OAuthConstants.LOCALE);
>>>             restoreRequestAttribute(request, session,
>>> OAuthConstants.METHOD);
>>>
>>>
>>> Thanks,
>>>
>>> --
>>> You are currently subscribed to cas-user@lists.jasig.org as:
>>> lel...@gmail.com
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>
>>
>>
>
>

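The thread's workaround (a request wrapper that answers "service" from the web session when the OAuth callback to /login carries no such query parameter) works because ServiceThemeResolver, via the argument extractors, reads getParameter(). Two things a practitioner would want to see checked before deploying such a wrapper: that the other two parameter accessors give the same answer, so nothing downstream (Spring binding, audit logging, getParameterMap() readers) sees a different request than the theme resolver does, and that reading the parameter never creates a session as a side effect. The following is an added example, not Jonathan's filter and not CAS code: it assumes the javax.servlet 3.0 API on the classpath, the "service" literal used in the posted filter (assumed to equal OAuthConstants.SERVICE), a constructed sample service URL, and hypothetical class names (ServiceParameterRestoreCheck, ServiceRestoringRequest). The request and session are stand-ins built with java.lang.reflect.Proxy so the check runs without a container.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

/** Added example: session-backed "service" wrapper plus a container-free check of its edge cases. */
public final class ServiceParameterRestoreCheck {
    // Falls back to the "service" kept in the web session only when the request carries no such
    // query parameter; all three accessors agree, so getParameterMap() readers (Spring binding,
    // audit logging) see the same value that WebUtils.getService() gets from getParameter().
    static final class ServiceRestoringRequest extends HttpServletRequestWrapper {
        static final String SERVICE = "service"; // literal from the posted filter (assumed == OAuthConstants.SERVICE)

        ServiceRestoringRequest(final HttpServletRequest request) { super(request); }

        private String sessionService() {
            final HttpSession session = getSession(false); // never create a session as a side effect
            final Object value = session == null ? null : session.getAttribute(SERVICE);
            return value == null ? null : value.toString();
        }

        @Override public String getParameter(final String name) {
            final String value = super.getParameter(name);
            return value == null && SERVICE.equals(name) ? sessionService() : value;
        }

        @Override public String[] getParameterValues(final String name) {
            final String[] values = super.getParameterValues(name);
            final String restored = values == null && SERVICE.equals(name) ? sessionService() : null;
            return restored == null ? values : new String[] { restored };
        }

        @Override public Map<String, String[]> getParameterMap() {
            final Map<String, String[]> map = new HashMap<String, String[]>(super.getParameterMap());
            final String restored = map.containsKey(SERVICE) ? null : sessionService();
            if (restored != null) { map.put(SERVICE, new String[] { restored }); }
            return Collections.unmodifiableMap(map);
        }
    }

    // Constructed stand-ins for the container's session and request, built with java.lang.reflect.Proxy.
    static HttpSession fakeSession(final Map<String, Object> attributes) {
        return (HttpSession) Proxy.newProxyInstance(HttpSession.class.getClassLoader(),
                new Class<?>[] { HttpSession.class }, new InvocationHandler() {
                    public Object invoke(final Object proxy, final Method m, final Object[] args) {
                        if ("getAttribute".equals(m.getName())) { return attributes.get(args[0]); }
                        throw new UnsupportedOperationException(m.getName());
                    }
                });
    }

    static HttpServletRequest fakeRequest(final Map<String, String[]> params, final HttpSession session) {
        return (HttpServletRequest) Proxy.newProxyInstance(HttpServletRequest.class.getClassLoader(),
                new Class<?>[] { HttpServletRequest.class }, new InvocationHandler() {
                    public Object invoke(final Object proxy, final Method m, final Object[] args) {
                        final String name = m.getName();
                        if ("getParameterMap".equals(name)) { return params; }
                        if ("getParameterValues".equals(name)) { return params.get(args[0]); }
                        if ("getSession".equals(name)) { return session; } // getSession() and getSession(boolean)
                        if ("getParameter".equals(name)) {
                            final String[] v = params.get(args[0]);
                            return v == null ? null : v[0];
                        }
                        throw new UnsupportedOperationException(name);
                    }
                });
    }

    private static void check(final String what, final boolean ok) {
        if (!ok) { throw new AssertionError("FAIL " + what); }
        System.out.println("PASS " + what);
    }

    public static void main(final String[] args) {
        final Map<String, Object> attributes = new HashMap<String, Object>();
        attributes.put("service", "https://app.example.org/"); // constructed sample value
        final HttpSession session = fakeSession(attributes);
        final Map<String, String[]> none = Collections.emptyMap();

        // 1. OAuth callback without "service": the session value is restored by every accessor.
        final HttpServletRequest callback = new ServiceRestoringRequest(fakeRequest(none, session));
        check("getParameter restored", "https://app.example.org/".equals(callback.getParameter("service")));
        check("getParameterValues agrees", "https://app.example.org/".equals(callback.getParameterValues("service")[0]));
        check("getParameterMap agrees", callback.getParameterMap().containsKey("service"));

        // 2. An explicit query parameter wins; the session is not consulted.
        final Map<String, String[]> explicit = new HashMap<String, String[]>();
        explicit.put("service", new String[] { "https://other.example.org/" });
        final HttpServletRequest direct = new ServiceRestoringRequest(fakeRequest(explicit, session));
        check("query parameter takes precedence", "https://other.example.org/".equals(direct.getParameter("service")));

        // 3. No session at all: nothing restored, nothing created, other parameters untouched.
        final HttpServletRequest anonymous = new ServiceRestoringRequest(fakeRequest(none, null));
        check("nothing restored without a session", anonymous.getParameter("service") == null);
        check("other parameters untouched", anonymous.getParameter("theme") == null);
    }
}
```

Compile and run it with the servlet API jar on the classpath (for example `javac -cp servlet-api.jar ServiceParameterRestoreCheck.java` and `java -cp .:servlet-api.jar ServiceParameterRestoreCheck`); each of the three scenarios prints PASS or the program aborts. Two deployment caveats follow from scenario 1: map the real filter only to the OAuth callback url-pattern (the /login webflow URL) rather than to every request, and remember that the "service" attribute stays in the session after the OAuth round trip, so any later request to that same URL without a "service" parameter would silently inherit the earlier value unless the attribute is removed once it has been consumed.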
