Not necessary at all. You could've simply switched Shiro's CAS ST validation mode to SAML like so:
casRealm.validationProtocol=SAML http://shiro.apache.org/cas.html Note: CAS v4 requires explicit enablement of SAML support. Cheers, Dmitriy. Sent from my iPhone > On Dec 25, 2015, at 10:42, rono <[email protected]> wrote: > > OK!!!! > i,m solve the problem > edit > cas-server-webapp\src\main\webapp\WEB-INF\view\jsp\protocol\2.0\casServiceValidationSuccess.jsp > > <%@ page session="false" contentType="text/xml; charset=UTF-8" %> > <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"; %> > <%@ taglib uri="http://java.sun.com/jsp/jstl/functions"; prefix="fn" %> > <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' > xmlns:gtx="http://www.gentics.com/sso/cas/xmlns";> > <cas:authenticationSuccess> > > <cas:user>${fn:escapeXml(assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.id)}</cas:user> > <cas:attributes> > <c:forEach var='item' > > items='${assertion.chainedAuthentications[fn:length(assertion.chainedAuthentications)-1].principal.attributes}'> > <gtx:${item.key}>${item.value}</gtx:${item.key}> > </c:forEach> > </cas:attributes> > <c:if test="${not empty pgtIou}"> > <cas:proxyGrantingTicket>${pgtIou}</cas:proxyGrantingTicket> > </c:if> > <c:if test="${fn:length(assertion.chainedAuthentications) > 1}"> > <cas:proxies> > <c:forEach var="proxy" > items="${assertion.chainedAuthentications}" varStatus="loopStatus" begin="0" > end="${fn:length(assertion.chainedAuthentications)-2}" step="1"> > <cas:proxy>${fn:escapeXml(proxy.principal.id)}</cas:proxy> > </c:forEach> > </cas:proxies> > </c:if> > </cas:authenticationSuccess> > </cas:serviceResponse> > >> On Wednesday, December 23, 2015 at 2:30:36 PM UTC+8, Misagh Moayyed wrote: >> Study: >> >> http://jasig.github.io/cas/4.1.x/protocol/CAS-Protocol-Specification.html#p3servicevalidate-cas-30 >> >> http://jasig.github.io/cas/4.1.x/integration/Attribute-Release.html >> >> >> >> >> >> From: [email protected] [mailto:[email protected]] On Behalf Of jason >> Sent: Tuesday, December 22, 2015 11:20 PM >> To: CAS Community <[email protected]> >> Subject: [cas-user] how to get shiro roles and permissions attributes from >> cas server >> >> >> >> when i use shiro-cas client buile web application >> i want to get shiro roles and permissions attributes from cas server >> >> >> >> the cas server: >> >> >> >> i custom a AttributeDao to response roles and permissions info >> >> >> >> public class BlogStubPersonAttributeDao extends StubPersonAttributeDao { >> >> @Override >> >> public IPersonAttributes getPerson(String uid) { >> >> >> >> Map<String, List<Object>> attributes = new HashMap<String, >> List<Object>>(); >> >> attributes.put("userid", Collections.singletonList((Object)uid)); >> >> attributes.put("roles", >> Collections.singletonList((Object)"role_admin")); >> >> attributes.put("permissions", >> Collections.singletonList((Object)"user:create")); >> >> attributes.put("test", Collections.singletonList((Object)"test")); >> >> return new AttributeNamedPersonImpl(attributes); >> >> } >> >> } >> >> >> >> and deployerConfigContext.xml >> >> <bean id="attributeRepository" >> class="org.jasig.services.persondir.support.BlogStubPersonAttributeDao" /> >> >> >> cas client use shiro >> >> 1. <bean id="casRealm" class="org.apache.shiro.cas.CasRealm"> >> 2. <property name="defaultRoles" value="admin,user"/> >> 3. <property name="defaultPermissions" >> value="user:create,user:update"/> >> 4. <property name="roleAttributeNames" value="roles"/> >> 5. <property name="permissionAttributeNames" value="permissions"/> >> 6. <property name="casServerUrlPrefix" >> value="https://localhost:8443/chapter14-server"/> >> 7. <property name="casService" >> value="https://localhost:9443/chapter14-client/cas"/> >> 8. </bean> >> >> >> but the cas server can not response roles and permissions >> so how to get shiro roles and permissions attributes from cas server when i >> used below >> https://github.com/apache/shiro/blob/1.2.x/support/cas/src/main/java/org/apache/shiro/cas/CasRealm.java#L162 >> >> -- >> You received this message because you are subscribed to the Google Groups >> "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. >> > > -- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/.
