Hi,

I agree with Marvin. I think it is easier and safer to implement the
server solution, because there are more login channels (gateway, renew...)
that do not need a form page, so JavaScript isn't a correct solution for me.

I suggested a premature fix a long time ago (you can see the attached files
at https://issues.jasig.org/browse/CAS-1219). Although CAS4 and mine have
the same philosophy (destroy ticket and remove cookies), I prefer the first.

To patch CAS3.5, you only need...

1. Create Java files in your cas-server overlay project (
http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html)
with that CAS4.0 feature.

https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/TicketGrantingTicketCheckAction.java
https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/TerminateSessionAction.java

Only a tip. As in CAS4 the logout process has been refactored (you can see
one of the join points in TerminateSessionAction), you only need to change in
that file the line...

WebUtils.putLogoutRequests(context,
this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId));

with

this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId);


2. Modify cas-servlet.xml to add the webflow actions. If that file doesn't
exist in your cas project, you need to get it from the CAS5.2 repository.
The following code has been extracted from CAS4 (
https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml):


  <bean id="ticketGrantingTicketCheckAction"
        class="<your_company_package>.cas.web.flow.TicketGrantingTicketCheckAction"
        c:registry-ref="ticketRegistry" />

  <bean id="terminateSessionAction"
        class="<your_company_package>.cas.web.flow.TerminateSessionAction"
        c:cas-ref="centralAuthenticationService"
        c:tgtCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
        c:warnCookieGenerator-ref="warnCookieGenerator"/>

3. Modify login-webflow.xml to use those actions. If that file doesn't
exist in your cas overlay project, you need to get it from the CAS5.2
repository. The following code has been extracted from CAS4 (
https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp/src/main/webapp/WEB-INF/login-webflow.xml).

Replace (at the beginning of the file):

<decision-state id="ticketGrantingTicketExistsCheck">
    <if test="flowScope.ticketGrantingTicketId != null"
        then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>

with:

<action-state id="ticketGrantingTicketCheck">
    <evaluate expression="ticketGrantingTicketCheckAction.checkValidity(flowRequestContext)"/>
    <transition on="notExists" to="gatewayRequestCheck"/>
    <transition on="invalid" to="terminateSession"/>
    <transition on="valid" to="hasServiceCheck"/>
</action-state>

<action-state id="terminateSession">
    <evaluate expression="terminateSessionAction.terminate(flowRequestContext)"/>
    <transition to="generateLoginTicket"/>
</action-state>

4. Test, test, and test in a local environment, generating an overlay war (
http://jasig.github.io/cas/current/installation/Maven-Overlay-Installation.html).
If you use the JavaScript method you also need to do that.

I hope that is useful.
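A stand-alone model of the check and terminate steps that the webflow above wires up, added here as an illustration (it is not CAS code and not part of this thread): the TicketRegistry, Tgt and cookie-map classes are minimal stand-ins, and the warn cookie name "CASPRIVACY" is an assumption. The point it shows is that the server decides from registry state, so a stale CASTGC cookie is cleaned up once, with no client-side flag cookie needed.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the CAS 4.0 login-flow validity check. Not CAS code:
// TicketRegistry, Tgt and the cookie map are stand-ins (assumptions).
public class TgtCheckDemo {
    static final class Tgt {
        final long expiresAtMillis;
        Tgt(long expiresAtMillis) { this.expiresAtMillis = expiresAtMillis; }
        boolean isExpired(long nowMillis) { return nowMillis > expiresAtMillis; }
    }
    static final class TicketRegistry {
        private final Map<String, Tgt> tickets = new HashMap<>();
        void add(String id, Tgt t) { tickets.put(id, t); }
        Tgt getTicket(String id) { return tickets.get(id); }
        boolean deleteTicket(String id) { return tickets.remove(id) != null; }
    }
    // Outcome names match the transitions in login-webflow.xml:
    // no CASTGC cookie -> notExists; unknown or expired TGT -> invalid; else valid.
    static String checkValidity(TicketRegistry reg, String tgtId, long nowMillis) {
        if (tgtId == null) return "notExists";
        Tgt t = reg.getTicket(tgtId);
        if (t == null || t.isExpired(nowMillis)) return "invalid";
        return "valid";
    }
    // Server-side terminateSession: destroy the TGT and drop the TGT and warn
    // cookies, so the flow can continue to generateLoginTicket with clean state.
    // "CASTGC" is from the thread; "CASPRIVACY" as the warn cookie is assumed.
    static void terminate(TicketRegistry reg, Map<String, String> cookies) {
        String tgtId = cookies.remove("CASTGC");
        cookies.remove("CASPRIVACY");
        if (tgtId != null) reg.deleteTicket(tgtId);
    }
    public static void main(String[] args) {
        TicketRegistry reg = new TicketRegistry();
        reg.add("TGT-1-stale", new Tgt(1_000L));   // constructed: expired at t=1000
        reg.add("TGT-2-fresh", new Tgt(10_000L));  // constructed: valid until t=10000
        long now = 5_000L;                          // constructed clock
        Map<String, String> cookies = new HashMap<>();
        cookies.put("CASTGC", "TGT-1-stale");       // browser still carries a stale TGT
        String outcome = checkValidity(reg, cookies.get("CASTGC"), now);
        System.out.println("stale cookie -> " + outcome);
        if (outcome.equals("invalid")) terminate(reg, cookies);
        // Second pass: cookie is gone, so the flow takes the notExists branch.
        System.out.println("after terminate -> " + checkValidity(reg, cookies.get("CASTGC"), now));
        System.out.println("fresh TGT -> " + checkValidity(reg, "TGT-2-fresh", now));
        System.out.println("unknown TGT -> " + checkValidity(reg, "TGT-3-gone", now));
    }
}
```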


2014-03-25 18:32 GMT+01:00 Oscar Shen <[email protected]>:

>  Hi Peter,
>
> Thank you very much for sharing your solution. I am interested in
> implementing your solution. Frankly, I am not very familiar with javascript
> and not confident enough to do it on my own. Is it possible you can share
> your JavaScript code if you don't mind? Thank you in advance.
>
> Oscar
>
> *From:* Peter Kirby [mailto:[email protected]]
> *Sent:* Thursday, March 20, 2014 10:22 AM
> *To:* [email protected]
> *Subject:* Re: [cas-dev] bug CAS-1318 patch?
>
> To Oscar and those affected by this bug:
>
> Adding in this validity check ended up being more time consuming than I
> had thought it would be.  That's largely due to not using Java too much.
>  So, I did a temporary workaround for this bug and I wanted to share the
> idea in case it will help some others.
>
> I just added some javascript to the casLoginView.jsp page that did a check
> for the CASTGC cookie.  If that cookie is found it just deletes that
> cookie, sets another cookie to flag that the CASTGC has already been
> deleted once, and reloads the page.  Then if that other flag cookie is set
> it doesn't delete the CASTGC cookie so it's not an infinite loop of
> deleting and reloading.
>
> This may not be the best solution, supported, etc... but it's what I did
> and it seems to work.  It's what we'll use until we're ready to move to 4.0.
>
> Peter
>
>   --
>
> Peter Kirby
> System and Database Administrator @ Harding University
>
> On Fri, Mar 7, 2014 at 6:05 AM, Marvin Addison <[email protected]>
> wrote:
>
> > I would be very interested in this as well.  I just recently joined this
> > list hoping to find a fix for this very issue.  I've been experimenting
> > with it for two weeks straight.  I'm so glad to know it's a known bug.
> > Unfortunately, that doesn't make the phone ring any less.
>
> I had no idea it was having that kind of impact. I believe the fix in
> 4.0 that was referred to is to perform a validity check on the ticket
> in the CASTGC cookie at the beginning of the login flow. That check is
> performed by a trivial flow action:
>
>
> https://github.com/Jasig/cas/blob/ce14f00dacea2c90edd5a90c38750ea1f8e9f750/cas-server-webapp-support/src/main/java/org/jasig/cas/web/flow/TicketGrantingTicketCheckAction.java
>
> You should be able to use that component without change and wire it
> into the login flow. We can consider porting that component to 3.5.x
> if there's interest, though our resources applied to the 3.5.x branch
> will drop precipitously upon release of 4.0.
>
>
> M
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
