Hi,

OK. You raise a use case we don't really think about, but calling the /oauth2.0/profile URL to get the user profile is already an access token validation process, as if the access token is not valid, you won't get any user profile.

Can you open an issue for that use case? So we can think how we should properly handle that (for 4.3).

Thanks.
Best regards,
Jérôme

2016-03-30 8:27 GMT+02:00 Uwe Wolfinger <wolfing...@gmail.com>:

> The goal that I want to achieve is to call a custom rest service, in a
> custom webapp (e.g. /myapp/rest/data), which should be secured with an
> access_token. So I don't want to use /oauth2.0/profile, as it's of no use
> for my case.
>
> So far I know how to get an access_token, but the open question is how to
> secure the custom service.
>
> Kind regards,
> Uwe
>
> On Wednesday, 30 March 2016 08:09:52 UTC+2, leleuj wrote:
>>
>> Hi,
>>
>> I'm not sure I understand what you want to do exactly. CAS server v4.2
>> provides an OAuth server support for the authorization code grant type, so
>> any OAuth client or so (properly configured) will be able to connect with
>> the CAS server.
>>
>> For sure, the CasOAuthWrapperClient (
>> https://github.com/pac4j/pac4j/blob/master/pac4j-oauth/src/main/java/org/pac4j/oauth/client/CasOAuthWrapperClient.java)
>> provided with pac4j works perfectly with it as most tests have been done
>> with it (see this demo: https://github.com/leleuj/cas-pac4j-oauth-demo
>> or this one: https://github.com/pac4j/play-pac4j-java-demo).
>>
>> Thanks.
>> Best regards,
>> Jérôme
>>
>> 2016-03-29 15:35 GMT+02:00 Uwe Wolfinger <wolfi...@gmail.com>:
>>
>>> Thank you very much for the quick response.
>>>
>>> So if I have a custom webapp, this means that I have to write my own
>>> controller that extends BaseOAuthWrapperController. Will this work in a
>>> standalone app, or has this controller to reside within the cas.war? Are
>>> there any plans to provide a servlet filter (like
>>> org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter)
>>> for this kind of authentication?
>>>
>>> Another question concerns the access_token expiration: what is the
>>> expiration time of this ticket (the same as the normal cas ticket?) and is
>>> there a service, where I can refresh the access_token?
>>>
>>> Kind regards,
>>> Uwe
>>>
>>> On Tuesday, 29 March 2016 15:24:48 UTC+2, leleuj wrote:
>>>>
>>>> Hi,
>>>>
>>>> Yes, /oauth2.0/profile is the only OAuth url, protected by access
>>>> tokens. The /oauth2.0/authorize is the endpoint to call to start the
>>>> authorization (/ authentication) process and get an access token.
>>>> Then, you need to implement the check on the access token like it's
>>>> done in the
>>>> https://github.com/Jasig/cas/blob/4.2.x/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20ProfileController.java
>>>>
>>>> Thanks.
>>>> Best regards,
>>>> Jérôme
>>>>
>>>> 2016-03-29 15:17 GMT+02:00 Uwe Wolfinger <wolfi...@gmail.com>:
>>>>
>>>>> I have just installed cas version 4.2.0 with a ldap backend. Login
>>>>> works fine, now I tried to get the oauth system working, but unfortunately
>>>>> I got stuck.
>>>>>
>>>>> What I did so far:
>>>>> - enabled the oauth server mode
>>>>> - I am able to get an access_token but now the question is, how to use
>>>>> this access token.
>>>>>
>>>>> My goal would be to write a custom rest service and secure this
>>>>> service via oauth. So far I can only find the */oauth2.0/profile* service
>>>>> where I can use the access_token.
>>>>>
>>>>> So my question is, is this the only service that is protected by
>>>>> oauth? If no, how can I configure a custom service (in a client webapp -
>>>>> as I would do it as a standard cas client), that is protected by oauth.
>>>>>
>>>>> Kind Regards,
>>>>> Uwe
>>>>>
>>>>> --
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "CAS Community" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to cas-user+u...@apereo.org.
>>>>> Visit this group at
>>>>> https://groups.google.com/a/apereo.org/group/cas-user/.
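The check described in the reply at the top of this thread (call /oauth2.0/profile with the access token and reject the request when no profile comes back), written for a custom service as an added example; it is not part of the thread and not CAS or pac4j code. Assumed here: the cas.example.org base URL, the function names, passing the token as an `access_token` query parameter, and a JSON reply that carries `id` on success and `error` on failure.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Assumed CAS location; replace with the real server's profile endpoint.
PROFILE_URL = "https://cas.example.org/cas/oauth2.0/profile"


def http_fetch(url, timeout=5):
    """Default fetcher: GET the URL and return (status, body text)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def bearer_token(authorization_header):
    """Extract the token from an 'Authorization: Bearer <token>' header."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def authenticate(authorization_header, fetch=http_fetch, profile_url=PROFILE_URL):
    """Return the CAS profile for a valid token, or None (caller answers 401)."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    # urlencode keeps a hostile token from adding parameters to the CAS request.
    url = profile_url + "?" + urllib.parse.urlencode({"access_token": token})
    try:
        status, body = fetch(url)
        profile = json.loads(body)
    except (OSError, ValueError):
        return None  # fail closed: CAS unreachable or reply is not JSON
    # Assumption: success is a JSON object with "id"; failures carry "error".
    if status != 200 or not isinstance(profile, dict):
        return None
    if "error" in profile or not profile.get("id"):
        return None
    return profile
```

In the custom webapp this runs before the REST handler (for example in a filter on /myapp/rest/*); every failure path returns None, so the service never treats an unverified token as authenticated.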